[undertow-dev] NPE in JASPIAuthenticationMechanism when using async requests

Stuart Douglas sdouglas at redhat.com
Sun Jul 27 19:37:34 EDT 2014 

I think I have fixes for both these issues.

https://github.com/wildfly/wildfly/pull/6539/files

Should fix the NPE (I was not sure what security domain config your 
example needed in order to reproduce).

The timeout issues should be fixed in Undertow upstream, it looks like 
there was two issues:
- The timeout was running in an IO thread
- ThreadLocals where not being properly set up before dispatching to the 
error page

Stuart

arjan tijms wrote:
> Hi,
>
> When using a basic async servlet, where the request processing is
> transferred to an @Asynchronous method, there's a NPE at the end of the
> request:
>
> Exception in thread "default task-107" java.lang.NullPointerException
>      at
> org.wildfly.extension.undertow.security.jaspi.JASPIAuthenticationMechanism.wasAuthExceptionThrown(JASPIAuthenticationMechanism.java:164)
>      at
> org.wildfly.extension.undertow.security.jaspi.JASPIAuthenticationMechanism.access$100(JASPIAuthenticationMechanism.java:72)
>      at
> org.wildfly.extension.undertow.security.jaspi.JASPIAuthenticationMechanism$1.wrap(JASPIAuthenticationMechanism.java:240)
>      at
> org.wildfly.extension.undertow.security.jaspi.JASPIAuthenticationMechanism$1.wrap(JASPIAuthenticationMechanism.java:234)
>      at
> io.undertow.server.HttpServerExchange$WrapperStreamSinkConduitFactory.create(HttpServerExchange.java:2017)
>      at
> io.undertow.server.HttpServerExchange.getResponseChannel(HttpServerExchange.java:1167)
>      at
> io.undertow.servlet.spec.ServletOutputStreamImpl.close(ServletOutputStreamImpl.java:619)
>      at
> io.undertow.servlet.spec.HttpServletResponseImpl.closeStreamAndWriter(HttpServletResponseImpl.java:451)
>      at
> io.undertow.servlet.spec.HttpServletResponseImpl.responseDone(HttpServletResponseImpl.java:525)
>      at
> io.undertow.servlet.spec.AsyncContextImpl$3.run(AsyncContextImpl.java:294)
>      at
> io.undertow.servlet.spec.AsyncContextImpl$6.run(AsyncContextImpl.java:432)
>
> The direct cause is that
> JASPIAuthenticationMechanism#wasAuthExceptionThrown tries to access the
> security context as-in the following line:
>
> SecurityContextAssociation.getSecurityContext().getData().get(AuthException.class.getName())
> != null
>
> Only, for an async request processing thread
> SecurityContextAssociation.getSecurityContext() is always null, causing
> the NPE. I created a test that functions as a reproducer here:
> https://github.com/arjantijms/javaee7-samples/tree/master/jaspic/async-authentication
> It also looks like there's something not entirely right with the async
> time out on Undertow, but I haven't nailed that one down yet.
>
> Kind regards,
> Arjan
>
>
> _______________________________________________
> undertow-dev mailing list
> undertow-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/undertow-dev

More information about the undertow-dev mailing list