[jboss-user] [Security] - JBossNegotiation NullPointerExcpetion on EJB Call after Cach

j_ri do-not-reply at jboss.com
Fri Sep 4 05:28:38 EDT 2009


Hi,

this week I gave JBossNegotiation a try. I tried it with a webapplication which calls a stateless session ejb.

In the first step authentication works well, but after the SecurityManager Cache timed out, the next call from the webapp to the EJB fails with a NullPointerExcpetion:


09:55:06,299 WARN  [FWAction] de.lbank.portal.PortalException: java.lang.NullPointerException
	at org.jboss.security.negotiation.spnego.SPNEGOLoginModule.login(SPNEGOLoginModule.java:106)
	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
	at java.lang.reflect.Method.invoke(Method.java:585)
	at javax.security.auth.login.LoginContext.invoke(LoginContext.java:769)
	at javax.security.auth.login.LoginContext.access$000(LoginContext.java:186)
	at javax.security.auth.login.LoginContext$4.run(LoginContext.java:683)
	at java.security.AccessController.doPrivileged(Native Method)
	at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)
	at javax.security.auth.login.LoginContext.login(LoginContext.java:579)
	at org.jboss.security.plugins.JaasSecurityManager.defaultLogin(JaasSecurityManager.java:603)
	at org.jboss.security.plugins.JaasSecurityManager.authenticate(JaasSecurityManager.java:537)
	at org.jboss.security.plugins.JaasSecurityManager.isValid(JaasSecurityManager.java:344)
	at org.jboss.ejb.plugins.SecurityInterceptor.checkSecurityAssociation(SecurityInterceptor.java:211)
	at org.jboss.ejb.plugins.SecurityInterceptor.invoke(SecurityInterceptor.java:158)
	at org.jboss.ejb.plugins.LogInterceptor.invoke(LogInterceptor.java:205)
	at org.jboss.ejb.plugins.CleanShutdownInterceptor.invoke(CleanShutdownInterceptor.java:278)
	at org.jboss.ejb.plugins.ProxyFactoryFinderInterceptor.invoke(ProxyFactoryFinderInterceptor.java:138)
	at org.jboss.ejb.SessionContainer.internalInvoke(SessionContainer.java:648)
	at org.jboss.ejb.Container.invoke(Container.java:960)
	at org.jboss.ejb.plugins.local.BaseLocalProxyFactory.invoke(BaseLocalProxyFactory.java:430)
	at org.jboss.ejb.plugins.local.StatelessSessionProxy.invoke(StatelessSessionProxy.java:103)
	at $Proxy266.getAlleAnwendungen(Unknown Source)
	at de.lbank.portal.ejb.PortalLocalEjbBusinessDelegate.getAlleAnwendungen(PortalLocalEjbBusinessDelegate.java:75)
	at de.lbank.portal.web.action.PortalHomeAnzeigeAction.doExecute(PortalHomeAnzeigeAction.java:92)
	at com.cc.framework.adapter.struts.ActionUtil.execute(Unknown Source)
	at com.cc.framework.adapter.struts.FWAction.execute(Unknown Source)
	at com.cc.framework.adapter.struts.FWAction.execute(Unknown Source)
	at org.apache.struts.action.RequestProcessor.processActionPerform(RequestProcessor.java:421)
	at org.apache.struts.action.RequestProcessor.process(RequestProcessor.java:226)
	at org.apache.struts.action.ActionServlet.process(ActionServlet.java:1164)
	at org.apache.struts.action.ActionServlet.doGet(ActionServlet.java:397)
	at javax.servlet.http.HttpServlet.service(HttpServlet.java:690)
	at de.lbank.framework.web.struts.LActionServlet.service(LActionServlet.java:53)
	at javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
	at org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.java:96)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
	at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:230)
	at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:175)
	at org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(SecurityAssociationValve.java:179)
	at org.jboss.web.tomcat.service.session.ClusteredSessionValve.invoke(ClusteredSessionValve.java:87)
	at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:525)
	at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:84)
	at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128)
	at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:104)
	at org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:157)
	at org.jboss.web.tomcat.service.sso.ClusteredSingleSignOn.invoke(ClusteredSingleSignOn.java:676)
	at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
	at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:241)
	at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844)
	at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:580)
	at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)
	at java.lang.Thread.run(Thread.java:595)



Is there a solution for this problem, if I don't want to change the "DefaultCacheTimeout" in the "org.jboss.security.plugins.JaasSecurityManagerService" MBean to a very long time?

How does this work with failover in the cluster?

Thanks,
Jochen


View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=4253516#4253516

Reply to the post : http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&p=4253516



More information about the jboss-user mailing list