[jboss-jira] [JBoss JIRA] (AS7-3227) When a Stateless Session Bean is used as a REST-Resource, calling getUserPrincipal() on an injected SecurityContext sometimes returns null

When a Stateless Session Bean is used as a REST-Resource, calling getUserPrincipal() on an injected SecurityContext sometimes returns null ------------------------------------------------------------------------------------------------------------------------------------------ Key: AS7-3227 URL: https://issues.jboss.org/browse/AS7-3227 Project: Application Server 7 Issue Type: Bug Components: REST, Web Affects Versions: 7.0.2.Final, 7.1.0.CR1b, 7.1.0.Final, 7.1.1.Final Environment: Ubuntu Linux 11.04 64-bit, jdks 1.7.0_02 and 1.6.0_26 Reporter: Philipp Berger Assignee: Stuart Douglas Priority: Critical Considered the following stateless session bean which is propagated as a REST-Webservice: {code:title=UserPrincipalRESTService.java|borderStyle=solid} @Path("/test") public interface UserPrincipalRESTService { @GET @Produces(MediaType.TEXT_PLAIN) String helloUser(); } {code} {code:title=UserPrincipalRESTServiceImpl.java|borderStyle=solid} @Stateless @Local public class UserPrincipalRESTServiceImpl implements UserPrincipalRESTService { @Context private SecurityContext securityContext; public String helloUser() { final String userName = securityContext.getUserPrincipal().getName(); return "Hello " + userName+"!"; } } {code} After a certain (sometimes very large) amount of GET Requests on the Resource, the injected SecurityContext's user principal suddenly is null and a NPE is thrown. Once this happened, every second call to the resource will throw a NPE until the application server is restarted.