<div dir="ltr"><div><div><div><div><div>Hi,<br><br></div>When using a basic async servlet, where the request processing is transferred to an @Asynchronous method, there's a NPE at the end of the request:<br><br>Exception in thread "default task-107" java.lang.NullPointerException<br>
at org.wildfly.extension.undertow.security.jaspi.JASPIAuthenticationMechanism.wasAuthExceptionThrown(JASPIAuthenticationMechanism.java:164)<br> at org.wildfly.extension.undertow.security.jaspi.JASPIAuthenticationMechanism.access$100(JASPIAuthenticationMechanism.java:72)<br>
at org.wildfly.extension.undertow.security.jaspi.JASPIAuthenticationMechanism$1.wrap(JASPIAuthenticationMechanism.java:240)<br> at org.wildfly.extension.undertow.security.jaspi.JASPIAuthenticationMechanism$1.wrap(JASPIAuthenticationMechanism.java:234)<br>
at io.undertow.server.HttpServerExchange$WrapperStreamSinkConduitFactory.create(HttpServerExchange.java:2017)<br> at io.undertow.server.HttpServerExchange.getResponseChannel(HttpServerExchange.java:1167)<br> at io.undertow.servlet.spec.ServletOutputStreamImpl.close(ServletOutputStreamImpl.java:619)<br>
at io.undertow.servlet.spec.HttpServletResponseImpl.closeStreamAndWriter(HttpServletResponseImpl.java:451)<br> at io.undertow.servlet.spec.HttpServletResponseImpl.responseDone(HttpServletResponseImpl.java:525)<br> at io.undertow.servlet.spec.AsyncContextImpl$3.run(AsyncContextImpl.java:294)<br>
at io.undertow.servlet.spec.AsyncContextImpl$6.run(AsyncContextImpl.java:432)<br><br></div>The direct cause is that JASPIAuthenticationMechanism#wasAuthExceptionThrown tries to access the security context as-in the following line:<br>
<br>SecurityContextAssociation.getSecurityContext().getData().get(AuthException.class.getName()) != null<br><br></div>Only, for an async request processing thread SecurityContextAssociation.getSecurityContext() is always null, causing the NPE. I created a test that functions as a reproducer here: <a href="https://github.com/arjantijms/javaee7-samples/tree/master/jaspic/async-authentication">https://github.com/arjantijms/javaee7-samples/tree/master/jaspic/async-authentication</a> It also looks like there's something not entirely right with the async time out on Undertow, but I haven't nailed that one down yet.<br>
<br></div><div>Kind regards,<br>Arjan<br></div></div><div><div><div><div><div><br><br></div></div></div></div></div></div>