[JBoss JIRA] (WFLY-3400) NullPointerException in JAASIdentityManagerImpl
by Stanislav Zelivinski (JIRA)
Stanislav Zelivinski created WFLY-3400:
------------------------------------------
Summary: NullPointerException in JAASIdentityManagerImpl
Key: WFLY-3400
URL: https://issues.jboss.org/browse/WFLY-3400
Project: WildFly
Issue Type: Bug
Security Level: Public (Everyone can see)
Components: JPA / Hibernate, REST, Security
Affects Versions: 8.1.0.CR1
Environment: Linux Fedora
Reporter: Stanislav Zelivinski
Assignee: Scott Marlow
Priority: Critical
I created RESTful service using RESTeasy. Configured standalone.xml to include custom security domain. Created JPALoginModule which is derived from UsernamePasswordLoginModule. Everything seems to be working fine when I am testing from SOAP UI but in the end of authentication process I am getting the following exception and service is not called:
11:12:36,852 INFO [org.jboss.as] (Controller Boot Thread) JBAS015874: WildFly 8.1.0.CR1 "Kenny" started in 16241ms - Started 1030 of 1118 services (150 services are lazy, passive or on-demand)
11:13:19,710 INFO [org.jboss.ejb.client] (default task-2) JBoss EJB Client version 2.0.1.Final
11:13:21,952 ERROR [io.undertow.request] (default task-2) UT005023: Exception handling request to /vtruespeed/testcontroller/rest/v5/mode: java.lang.RuntimeException: java.lang.NullPointerException
at org.wildfly.extension.undertow.security.JAASIdentityManagerImpl.verifyCredential(JAASIdentityManagerImpl.java:126)
at org.wildfly.extension.undertow.security.JAASIdentityManagerImpl.verify(JAASIdentityManagerImpl.java:82)
at io.undertow.security.impl.BasicAuthenticationMechanism.authenticate(BasicAuthenticationMechanism.java:110) [undertow-core-1.0.5.Final.jar:1.0.5.Final]
at io.undertow.security.impl.SecurityContextImpl$AuthAttempter.transition(SecurityContextImpl.java:281) [undertow-core-1.0.5.Final.jar:1.0.5.Final]
at io.undertow.security.impl.SecurityContextImpl$AuthAttempter.transition(SecurityContextImpl.java:298) [undertow-core-1.0.5.Final.jar:1.0.5.Final]
at io.undertow.security.impl.SecurityContextImpl$AuthAttempter.access$100(SecurityContextImpl.java:268) [undertow-core-1.0.5.Final.jar:1.0.5.Final]
at io.undertow.security.impl.SecurityContextImpl.attemptAuthentication(SecurityContextImpl.java:131) [undertow-core-1.0.5.Final.jar:1.0.5.Final]
at io.undertow.security.impl.SecurityContextImpl.authTransition(SecurityContextImpl.java:106) [undertow-core-1.0.5.Final.jar:1.0.5.Final]
at io.undertow.security.impl.SecurityContextImpl.authenticate(SecurityContextImpl.java:99) [undertow-core-1.0.5.Final.jar:1.0.5.Final]
at io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:54) [undertow-servlet-1.0.5.Final.jar:1.0.5.Final]
at io.undertow.security.handlers.AuthenticationConstraintHandler.handleRequest(AuthenticationConstraintHandler.java:51) [undertow-core-1.0.5.Final.jar:1.0.5.Final]
at io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:45) [undertow-core-1.0.5.Final.jar:1.0.5.Final]
at io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:61) [undertow-servlet-1.0.5.Final.jar:1.0.5.Final]
at io.undertow.servlet.handlers.security.ServletSecurityConstraintHandler.handleRequest(ServletSecurityConstraintHandler.java:56) [undertow-servlet-1.0.5.Final.jar:1.0.5.Final]
at io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:58) [undertow-core-1.0.5.Final.jar:1.0.5.Final]
at io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:70) [undertow-servlet-1.0.5.Final.jar:1.0.5.Final]
at io.undertow.security.handlers.SecurityInitialHandler.handleRequest(SecurityInitialHandler.java:76) [undertow-core-1.0.5.Final.jar:1.0.5.Final]
at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:25) [undertow-core-1.0.5.Final.jar:1.0.5.Final]
at org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61)
at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:25) [undertow-core-1.0.5.Final.jar:1.0.5.Final]
at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:25) [undertow-core-1.0.5.Final.jar:1.0.5.Final]
at io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:240) [undertow-servlet-1.0.5.Final.jar:1.0.5.Final]
at io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:227) [undertow-servlet-1.0.5.Final.jar:1.0.5.Final]
at io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:73) [undertow-servlet-1.0.5.Final.jar:1.0.5.Final]
at io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:146) [undertow-servlet-1.0.5.Final.jar:1.0.5.Final]
at io.undertow.server.Connectors.executeRootHandler(Connectors.java:168) [undertow-core-1.0.5.Final.jar:1.0.5.Final]
at io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:727) [undertow-core-1.0.5.Final.jar:1.0.5.Final]
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145) [rt.jar:1.7.0_25]
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615) [rt.jar:1.7.0_25]
at java.lang.Thread.run(Thread.java:724) [rt.jar:1.7.0_25]
Caused by: java.lang.NullPointerException
at org.wildfly.extension.undertow.security.AccountImpl.<init>(AccountImpl.java:61)
at org.wildfly.extension.undertow.security.JAASIdentityManagerImpl.verifyCredential(JAASIdentityManagerImpl.java:123)
... 29 more
This is major issue for us.
Thanks,
Stan
--
This message was sent by Atlassian JIRA
(v6.2.3#6260)
12 years, 1 month
[JBoss JIRA] (LOGMGR-106) Fix possible Level leak for OpenJDK
by James Perkins (JIRA)
James Perkins created LOGMGR-106:
------------------------------------
Summary: Fix possible Level leak for OpenJDK
Key: LOGMGR-106
URL: https://issues.jboss.org/browse/LOGMGR-106
Project: JBoss Log Manager
Issue Type: Enhancement
Security Level: Public (Everyone can see)
Reporter: James Perkins
Assignee: James Perkins
Fix For: 1.5.3.Final, 2.0.0.Beta1
Currently {{org.jboss.logmanager.LogManager}} has a hack to get around the {{java.util.logging.Level}} storing levels in a static map. OpenJDK uses an inner-class to do the same thing. A hack is needed to also check the OpenJDK static level mapping.
--
This message was sent by Atlassian JIRA
(v6.2.3#6260)
12 years, 1 month
[JBoss JIRA] (WFLY-3387) myfaces support : Handling PostConstruct annotations - wrong order
by hamid aghazzaf (JIRA)
[ https://issues.jboss.org/browse/WFLY-3387?page=com.atlassian.jira.plugin.... ]
hamid aghazzaf updated WFLY-3387:
---------------------------------
Attachment: JavaServerFaces.rar
> myfaces support : Handling PostConstruct annotations - wrong order
> -------------------------------------------------------------------
>
> Key: WFLY-3387
> URL: https://issues.jboss.org/browse/WFLY-3387
> Project: WildFly
> Issue Type: Feature Request
> Components: JSF
> Affects Versions: 8.0.0.Final
> Reporter: hamid aghazzaf
> Assignee: Farah Juma
> Attachments: JavaServerFaces.rar, JavaServerFaces.rar
>
>
> The specification states that managed bean methods annotated with @PostConstruct have to be called after the object is initialized and after dependency injection is performed. However, MyFaces calls those methods after the bean instance is created but before dependency injection is performed.
> This issue was resolved for tomcat7 server (https://issues.apache.org/jira/browse/MYFACES-1761). But remain with WildFly 8.0.Final .
> Bellow the list of third party artifacts used with their versions :
> activation-1.1.jar joda-time-2.3.jar velocity-1.6.2.jar
> aopalliance-1.0.jar jrobin-1.5.9.jar xml-apis-1.0.b2.jar
> aspectjrt-1.6.12.jar jsr305-1.3.9.jar xmlbeans-2.3.0.jar
> aspectjtools-1.6.2.jar jstl-1.2.jar
> aspectjweaver-1.6.11.jar junit-3.8.1.jar
> atmosphere-runtime-2.0.1.jar log4j-1.2.12.jar
> avalon-framework-4.1.3.jar logback-classic-0.9.30.jar
> bcmail-jdk14-1.38.jar logback-core-0.9.30.jar
> bcmail-jdk14-138.jar logkit-1.0.1.jar
> bcprov-jdk14-1.38.jar mail-1.4.jar
> bcprov-jdk14-138.jar myfaces-api-2.1.12.jar
> bctsp-jdk14-1.38.jar myfaces-impl-2.1.12.jar
> bsh-2.0b4.jar oro-2.0.8.jar
> castor-1.2.jar poi-3.7.jar
> cglib-3.0.jar poi-ooxml-3.7.jar
> commons-beanutils-1.8.2.jar poi-ooxml-schemas-3.7.jar
> commons-codec-1.3.jar primefaces-4.0.jar
> commons-collections-3.2.jar primefaces-extensions-0.7.1.jar
> commons-dbcp-1.2.2.jar servlet-api-2.3.jar
> commons-digester-1.8.jar slf4j-api-1.6.2.jar
> commons-fileupload-1.3.1.jar slf4j-log4j12-1.6.1.jar
> commons-io-2.4.jar smoothness-1.0.10.jar
> commons-lang-2.2.jar snakeyaml-1.6.jar
> commons-lang3-3.1.jar spring-aop-3.1.0.RELEASE.jar
> commons-logging-1.1.jar spring-asm-3.1.0.RELEASE.jar
> commons-pool-1.3.jar spring-aspects-3.1.0.RELEASE.jar
> dom4j-1.6.1.jar spring-beans-3.1.0.RELEASE.jar
> geronimo-stax-api_1.0_spec-1.0.jar spring-binding-2.3.2.RELEASE.jar
> groovy-all-2.0.1.jar spring-context-3.1.0.RELEASE.jar
> gsfar-base-0.0.8-SNAPSHOT.jar spring-context-support-3.1.0.RELEASE.jar
> gsfar-core-0.0.8-SNAPSHOT.jar spring-core-3.1.0.RELEASE.jar
> gsfar-domain-0.0.8-SNAPSHOT.jar spring-data-commons-1.5.2.RELEASE.jar
> gson-2.2.2.jar spring-data-commons-core-1.4.0.RELEASE.jar
> guava-12.0.jar spring-data-envers-0.1.0.RELEASE.jar
> hibernate-commons-annotations-4.0.1.Final.jar spring-data-jpa-1.3.4.RELEASE.jar
> hibernate-core-4.1.7.Final.jar spring-expression-3.2.1.RELEASE.jar
> hibernate-entitymanager-4.1.7.Final.jar spring-faces-2.3.2.RELEASE.jar
> hibernate-envers-4.1.7.Final.jar spring-integration-core-2.2.2.RELEASE.jar
> hibernate-jpa-2.0-api-1.0.1.Final.jar spring-integration-jdbc-2.2.2.RELEASE.jar
> hsqldb-1.8.0.7.jar spring-jdbc-3.1.0.RELEASE.jar
> itext-2.1.7.jar spring-js-2.3.2.RELEASE.jar
> jackson-annotations-2.1.4.jar spring-js-resources-2.3.2.RELEASE.jar
> jackson-core-2.1.4.jar spring-orm-3.1.0.RELEASE.jar
> jackson-databind-2.1.4.jar spring-retry-1.0.2.RELEASE.jar
> jasperreports-5.5.1.jar spring-security-config-3.1.4.RELEASE.jar
> javamelody-core-1.49.0.jar spring-security-core-3.1.4.RELEASE.jar
> javassist-3.15.0-GA.jar spring-security-web-3.1.4.RELEASE.jar
> jboss-logging-3.1.0.GA.jar spring-test-3.1.0.RELEASE.jar
> jboss-transaction-api_1.1_spec-1.0.0.Final.jar spring-tx-3.1.0.RELEASE.jar
> jcl-over-slf4j-1.7.1.jar spring-web-3.1.0.RELEASE.jar
> jcommander-1.12.jar spring-webflow-2.3.2.RELEASE.jar
> jcommon-1.0.15.jar spring-webmvc-3.2.1.RELEASE.jar
> jdtcore-3.1.0.jar stax-api-1.0.1.jar
> jfreechart-1.0.12.jar testng-6.4.jar
> I use spring profiles rather than maven profiles, this way, the same build (war file) is deploy-able in tomcat7 server as well as in Wildfly-8.0.0.Final.
> I have toggled two types of breakpoints in one of my managed bean :
> The first type is for the initialization method ( annotated with @PostConstruct )
> The second type is for setters of all properties aware of injection ( annotated with @ManagedProperty("# {xxx}
> ") ).
> When deploying to Tomcat7, every thing is well, all injections methods are invoked before the initialization method is called.
> But, when running under Wildfly-8.0.0.Final, the initialization method is called before, and this causes NullPointerException for properties not yet injected. This behavior is the same regardless the deployment is done from the administration console or from my eclipse workbench.
> We don’t have a lot of choices regarding the version of myfaces to use, as the only installer provided for adding support of myfaces to wildFly contains the version 2.1.12. And it's not a problem for continue with this version of myfaces. The installer is down-loadable from nexus : https://repository.jboss.org/nexus/index.html#nexus-search;gav~org.wildfl...
> Thanks a lot in advance for your response.
--
This message was sent by Atlassian JIRA
(v6.2.3#6260)
12 years, 1 month
[JBoss JIRA] (WFLY-3398) excessive ERROR logging on webservices invocation if SoapFault
by Thomas Frühbeck (JIRA)
Thomas Frühbeck created WFLY-3398:
-------------------------------------
Summary: excessive ERROR logging on webservices invocation if SoapFault
Key: WFLY-3398
URL: https://issues.jboss.org/browse/WFLY-3398
Project: WildFly
Issue Type: Bug
Security Level: Public (Everyone can see)
Components: Web Services
Affects Versions: 8.1.0.CR2
Reporter: Thomas Frühbeck
Assignee: Alessio Soldano
Priority: Minor
AbstractInvocationHandler logs ERROR even if invocation fails with SOAPFault, which is IMHO wrong.
It is to be handled like @ApplicationException, the service implementation too care to raise a SOAPFault.
catch (Throwable t) {
WSLogger.ROOT_LOGGER.methodInvocationFailed(t, t.getLocalizedMessage());
handleInvocationException(t);
The current implementation leads to excessive false ERROR logs, which is unpleasant in production environments.
--
This message was sent by Atlassian JIRA
(v6.2.3#6260)
12 years, 1 month