[undertow-dev] NPE in JASPIAuthenticationMechanism when using async requests

Hi, When using a basic async servlet, where the request processing is transferred to an @Asynchronous method, there's a NPE at the end of the request: Exception in thread "default task-107" java.lang.NullPointerException at org.wildfly.extension.undertow.security.jaspi.JASPIAuthenticationMechanism.wasAuthExceptionThrown(JASPIAuthenticationMechanism.java:164) at org.wildfly.extension.undertow.security.jaspi.JASPIAuthenticationMechanism.access$100(JASPIAuthenticationMechanism.java:72) at org.wildfly.extension.undertow.security.jaspi.JASPIAuthenticationMechanism$1.wrap(JASPIAuthenticationMechanism.java:240) at org.wildfly.extension.undertow.security.jaspi.JASPIAuthenticationMechanism$1.wrap(JASPIAuthenticationMechanism.java:234) at io.undertow.server.HttpServerExchange$WrapperStreamSinkConduitFactory.create(HttpServerExchange.java:2017) at io.undertow.server.HttpServerExchange.getResponseChannel(HttpServerExchange.java:1167) at io.undertow.servlet.spec.ServletOutputStreamImpl.close(ServletOutputStreamImpl.java:619) at io.undertow.servlet.spec.HttpServletResponseImpl.closeStreamAndWriter(HttpServletResponseImpl.java:451) at io.undertow.servlet.spec.HttpServletResponseImpl.responseDone(HttpServletResponseImpl.java:525) at io.undertow.servlet.spec.AsyncContextImpl$3.run(AsyncContextImpl.java:294) at io.undertow.servlet.spec.AsyncContextImpl$6.run(AsyncContextImpl.java:432) The direct cause is that JASPIAuthenticationMechanism#wasAuthExceptionThrown tries to access the security context as-in the following line: SecurityContextAssociation.getSecurityContext().getData().get(AuthException.class.getName()) != null Only, for an async request processing thread SecurityContextAssociation.getSecurityContext() is always null, causing the NPE. I created a test that functions as a reproducer here: https://github.com/arjantijms/javaee7-samples/tree/master/jaspic/async-au... It also looks like there's something not entirely right with the async time out on Undertow, but I haven't nailed that one down yet. Kind regards, Arjan