]
Stuart Douglas updated AS7-3227:
--------------------------------
Priority: Critical (was: Major)
Affects Version/s: 7.1.1.Final
Component/s: Web
(was: EJB)
I can reproduce this with your new instructions.
When a Stateless Session Bean is used as a REST-Resource, calling
getUserPrincipal() on an injected SecurityContext sometimes returns null
------------------------------------------------------------------------------------------------------------------------------------------
Key: AS7-3227
URL:
https://issues.jboss.org/browse/AS7-3227
Project: Application Server 7
Issue Type: Bug
Components: REST, Web
Affects Versions: 7.0.2.Final, 7.1.0.CR1b, 7.1.0.Final, 7.1.1.Final
Environment: Ubuntu Linux 11.04 64-bit, jdks 1.7.0_02 and 1.6.0_26
Reporter: Philipp Berger
Assignee: Stuart Douglas
Priority: Critical
Considered the following stateless session bean which is propagated as a
REST-Webservice:
{code:title=UserPrincipalRESTService.java|borderStyle=solid}
@Path("/test")
public interface UserPrincipalRESTService {
@GET
@Produces(MediaType.TEXT_PLAIN)
String helloUser();
}
{code}
{code:title=UserPrincipalRESTServiceImpl.java|borderStyle=solid}
@Stateless
@Local
public class UserPrincipalRESTServiceImpl implements UserPrincipalRESTService {
@Context
private SecurityContext securityContext;
public String helloUser() {
final String userName = securityContext.getUserPrincipal().getName();
return "Hello " + userName+"!";
}
}
{code}
After a certain (sometimes very large) amount of GET Requests on the Resource, the
injected SecurityContext's user principal suddenly is null and a NPE is thrown. Once
this happened, every second call to the resource will throw a NPE until the application
server is restarted.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: