[
https://issues.jboss.org/browse/AS7-3227?page=com.atlassian.jira.plugin.s...
]
Bill Burke commented on AS7-3227:
---------------------------------
I have a big suspicion that Weld + EJB SLSB is at fault here. Resteasy only supports two
modes of injection (really two separate methods in the injection interface SPI):
per-request and singleton. Resteasy delegates field injection to Weld. Weld should be
reinjecting per-request things, per request, regardless if the underlying object instance
is pooled. So, I think this is a Weld+Resteasy problem, or a fundamental Weld+SLSB
problem.
I can probably fix the problem for injected interfaces like SecurityContext, as I could
just inject a proxy, but I won't be able to fix it for other things.
When a Stateless Session Bean is used as a REST-Resource, calling
getUserPrincipal() on an injected SecurityContext sometimes returns null
------------------------------------------------------------------------------------------------------------------------------------------
Key: AS7-3227
URL:
https://issues.jboss.org/browse/AS7-3227
Project: Application Server 7
Issue Type: Bug
Components: REST, Web
Affects Versions: 7.0.2.Final, 7.1.0.CR1b, 7.1.0.Final, 7.1.1.Final
Environment: Ubuntu Linux 11.04 64-bit, jdks 1.7.0_02 and 1.6.0_26
Reporter: Philipp Berger
Assignee: Stuart Douglas
Priority: Critical
Considered the following stateless session bean which is propagated as a
REST-Webservice:
{code:title=UserPrincipalRESTService.java|borderStyle=solid}
@Path("/test")
public interface UserPrincipalRESTService {
@GET
@Produces(MediaType.TEXT_PLAIN)
String helloUser();
}
{code}
{code:title=UserPrincipalRESTServiceImpl.java|borderStyle=solid}
@Stateless
@Local
public class UserPrincipalRESTServiceImpl implements UserPrincipalRESTService {
@Context
private SecurityContext securityContext;
public String helloUser() {
final String userName = securityContext.getUserPrincipal().getName();
return "Hello " + userName+"!";
}
}
{code}
After a certain (sometimes very large) amount of GET Requests on the Resource, the
injected SecurityContext's user principal suddenly is null and a NPE is thrown. Once
this happened, every second call to the resource will throw a NPE until the application
server is restarted.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators:
https://issues.jboss.org/secure/ContactAdministrators!default.jspa
For more information on JIRA, see:
http://www.atlassian.com/software/jira