[undertow-dev] NPE in JASPIAuthenticationMechanism when using async requests

arjan tijms arjan.tijms at gmail.com
Fri Jul 25 10:49:30 EDT 2014 

Hi,

When using a basic async servlet, where the request processing is
transferred to an @Asynchronous method, there's a NPE at the end of the
request:

Exception in thread "default task-107" java.lang.NullPointerException
    at
org.wildfly.extension.undertow.security.jaspi.JASPIAuthenticationMechanism.wasAuthExceptionThrown(JASPIAuthenticationMechanism.java:164)
    at
org.wildfly.extension.undertow.security.jaspi.JASPIAuthenticationMechanism.access$100(JASPIAuthenticationMechanism.java:72)
    at
org.wildfly.extension.undertow.security.jaspi.JASPIAuthenticationMechanism$1.wrap(JASPIAuthenticationMechanism.java:240)
    at
org.wildfly.extension.undertow.security.jaspi.JASPIAuthenticationMechanism$1.wrap(JASPIAuthenticationMechanism.java:234)
    at
io.undertow.server.HttpServerExchange$WrapperStreamSinkConduitFactory.create(HttpServerExchange.java:2017)
    at
io.undertow.server.HttpServerExchange.getResponseChannel(HttpServerExchange.java:1167)
    at
io.undertow.servlet.spec.ServletOutputStreamImpl.close(ServletOutputStreamImpl.java:619)
    at
io.undertow.servlet.spec.HttpServletResponseImpl.closeStreamAndWriter(HttpServletResponseImpl.java:451)
    at
io.undertow.servlet.spec.HttpServletResponseImpl.responseDone(HttpServletResponseImpl.java:525)
    at
io.undertow.servlet.spec.AsyncContextImpl$3.run(AsyncContextImpl.java:294)
    at
io.undertow.servlet.spec.AsyncContextImpl$6.run(AsyncContextImpl.java:432)

The direct cause is that
JASPIAuthenticationMechanism#wasAuthExceptionThrown tries to access the
security context as-in the following line:

SecurityContextAssociation.getSecurityContext().getData().get(AuthException.class.getName())
!= null

Only, for an async request processing thread
SecurityContextAssociation.getSecurityContext() is always null, causing the
NPE. I created a test that functions as a reproducer here:
https://github.com/arjantijms/javaee7-samples/tree/master/jaspic/async-authentication
It also looks like there's something not entirely right with the async time
out on Undertow, but I haven't nailed that one down yet.

Kind regards,
Arjan
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/undertow-dev/attachments/20140725/c5a6b96d/attachment.html

More information about the undertow-dev mailing list