9:49 a.m.
Hi,
When using a basic async servlet, where the request processing is
transferred to an @Asynchronous method, there's a NPE at the end of the
request:
Exception in thread "default task-107" java.lang.NullPointerException
at
org.wildfly.extension.undertow.security.jaspi.JASPIAuthenticationMechanism.wasAuthExceptionThrown(JASPIAuthenticationMechanism.java:164)
at
org.wildfly.extension.undertow.security.jaspi.JASPIAuthenticationMechanism.access$100(JASPIAuthenticationMechanism.java:72)
at
org.wildfly.extension.undertow.security.jaspi.JASPIAuthenticationMechanism$1.wrap(JASPIAuthenticationMechanism.java:240)
at
org.wildfly.extension.undertow.security.jaspi.JASPIAuthenticationMechanism$1.wrap(JASPIAuthenticationMechanism.java:234)
at
io.undertow.server.HttpServerExchange$WrapperStreamSinkConduitFactory.create(HttpServerExchange.java:2017)
at
io.undertow.server.HttpServerExchange.getResponseChannel(HttpServerExchange.java:1167)
at
io.undertow.servlet.spec.ServletOutputStreamImpl.close(ServletOutputStreamImpl.java:619)
at
io.undertow.servlet.spec.HttpServletResponseImpl.closeStreamAndWriter(HttpServletResponseImpl.java:451)
at
io.undertow.servlet.spec.HttpServletResponseImpl.responseDone(HttpServletResponseImpl.java:525)
at
io.undertow.servlet.spec.AsyncContextImpl$3.run(AsyncContextImpl.java:294)
at
io.undertow.servlet.spec.AsyncContextImpl$6.run(AsyncContextImpl.java:432)
The direct cause is that
JASPIAuthenticationMechanism#wasAuthExceptionThrown tries to access the
security context as-in the following line:
SecurityContextAssociation.getSecurityContext().getData().get(AuthException.class.getName())
!= null
Only, for an async request processing thread
SecurityContextAssociation.getSecurityContext() is always null, causing the
NPE. I created a test that functions as a reproducer here:
https://github.com/arjantijms/javaee7-samples/tree/master/jaspic/async-au...
It also looks like there's something not entirely right with the async time
out on Undertow, but I haven't nailed that one down yet.
Kind regards,
Arjan
6:37 p.m.
I think I have fixes for both these issues.
https://github.com/wildfly/wildfly/pull/6539/files
Should fix the NPE (I was not sure what security domain config your
example needed in order to reproduce).
The timeout issues should be fixed in Undertow upstream, it looks like
there was two issues:
- The timeout was running in an IO thread
- ThreadLocals where not being properly set up before dispatching to the
error page
Stuart
arjan tijms wrote:
Hi,
When using a basic async servlet, where the request processing is
transferred to an @Asynchronous method, there's a NPE at the end of the
request:
Exception in thread "default task-107" java.lang.NullPointerException
at
org.wildfly.extension.undertow.security.jaspi.JASPIAuthenticationMechanism.wasAuthExceptionThrown(JASPIAuthenticationMechanism.java:164)
at
org.wildfly.extension.undertow.security.jaspi.JASPIAuthenticationMechanism.access$100(JASPIAuthenticationMechanism.java:72)
at
org.wildfly.extension.undertow.security.jaspi.JASPIAuthenticationMechanism$1.wrap(JASPIAuthenticationMechanism.java:240)
at
org.wildfly.extension.undertow.security.jaspi.JASPIAuthenticationMechanism$1.wrap(JASPIAuthenticationMechanism.java:234)
at
io.undertow.server.HttpServerExchange$WrapperStreamSinkConduitFactory.create(HttpServerExchange.java:2017)
at
io.undertow.server.HttpServerExchange.getResponseChannel(HttpServerExchange.java:1167)
at
io.undertow.servlet.spec.ServletOutputStreamImpl.close(ServletOutputStreamImpl.java:619)
at
io.undertow.servlet.spec.HttpServletResponseImpl.closeStreamAndWriter(HttpServletResponseImpl.java:451)
at
io.undertow.servlet.spec.HttpServletResponseImpl.responseDone(HttpServletResponseImpl.java:525)
at
io.undertow.servlet.spec.AsyncContextImpl$3.run(AsyncContextImpl.java:294)
at
io.undertow.servlet.spec.AsyncContextImpl$6.run(AsyncContextImpl.java:432)
The direct cause is that
JASPIAuthenticationMechanism#wasAuthExceptionThrown tries to access the
security context as-in the following line:
SecurityContextAssociation.getSecurityContext().getData().get(AuthException.class.getName())
!= null
Only, for an async request processing thread
SecurityContextAssociation.getSecurityContext() is always null, causing
the NPE. I created a test that functions as a reproducer here:
https://github.com/arjantijms/javaee7-samples/tree/master/jaspic/async-au...
It also looks like there's something not entirely right with the async
time out on Undertow, but I haven't nailed that one down yet.
Kind regards,
Arjan
_______________________________________________
undertow-dev mailing list
undertow-dev(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/undertow-dev
4:38 a.m.
Hi,
On Mon, Jul 28, 2014 at 1:37 AM, Stuart Douglas <sdouglas(a)redhat.com> wrote:
I think I have fixes for both these issues.
https://github.com/wildfly/wildfly/pull/6539/files
Should fix the NPE (I was not sure what security domain config your
example needed in order to reproduce).
Okay great, I'll give it a shot. The security domain configured in
standalone.xml is a dummy one that's unfortunately needed to trick Undertow
into activating JASPIC (it shouldn't be needed, but for now it is). It's
the following one that's used I think in pretty much all WildFly JASPIC
examples:
<security-domain name="jaspitest" cache-type="default">
<authentication-jaspi>
<login-module-stack name="dummy">
<login-module code="Dummy" flag="optional"/>
</login-module-stack>
<auth-module code="Dummy"/>
</authentication-jaspi>
</security-domain>
The timeout issues should be fixed in Undertow upstream, it looks
like
there was two issues:
- The timeout was running in an IO thread
- ThreadLocals where not being properly set up before dispatching to the
error page
This sounds like it could well be the issue I was seeing. Timeout was
indeed running in an IO thread and it for some reason didn't see that the
response was committed and/or dispatched, even when asyncContext.complete()
had been called.
Regards,
Arjan
Stuart
arjan tijms wrote:
> Hi,
>
> When using a basic async servlet, where the request processing is
> transferred to an @Asynchronous method, there's a NPE at the end of the
> request:
>
> Exception in thread "default task-107" java.lang.NullPointerException
> at
> org.wildfly.extension.undertow.security.jaspi.
> JASPIAuthenticationMechanism.wasAuthExceptionThrown(
> JASPIAuthenticationMechanism.java:164)
> at
> org.wildfly.extension.undertow.security.jaspi.
> JASPIAuthenticationMechanism.access$100(JASPIAuthenticationMechanism.
> java:72)
> at
> org.wildfly.extension.undertow.security.jaspi.
> JASPIAuthenticationMechanism$1.wrap(JASPIAuthenticationMechanism.
> java:240)
> at
> org.wildfly.extension.undertow.security.jaspi.
> JASPIAuthenticationMechanism$1.wrap(JASPIAuthenticationMechanism.
> java:234)
> at
> io.undertow.server.HttpServerExchange$WrapperStreamSinkConduitFactor
> y.create(HttpServerExchange.java:2017)
> at
> io.undertow.server.HttpServerExchange.getResponseChannel(
> HttpServerExchange.java:1167)
> at
> io.undertow.servlet.spec.ServletOutputStreamImpl.close(
> ServletOutputStreamImpl.java:619)
> at
> io.undertow.servlet.spec.HttpServletResponseImpl.closeStreamAndWriter(
> HttpServletResponseImpl.java:451)
> at
> io.undertow.servlet.spec.HttpServletResponseImpl.responseDone(
> HttpServletResponseImpl.java:525)
> at
> io.undertow.servlet.spec.AsyncContextImpl$3.run(
> AsyncContextImpl.java:294)
> at
> io.undertow.servlet.spec.AsyncContextImpl$6.run(
> AsyncContextImpl.java:432)
>
> The direct cause is that
> JASPIAuthenticationMechanism#wasAuthExceptionThrown tries to access the
> security context as-in the following line:
>
> SecurityContextAssociation.getSecurityContext().getData()
> .get(AuthException.class.getName())
> != null
>
> Only, for an async request processing thread
> SecurityContextAssociation.getSecurityContext() is always null, causing
> the NPE. I created a test that functions as a reproducer here:
> https://github.com/arjantijms/javaee7-samples/tree/master/
> jaspic/async-authentication
> It also looks like there's something not entirely right with the async
> time out on Undertow, but I haven't nailed that one down yet.
>
> Kind regards,
> Arjan
>
>
> _______________________________________________
> undertow-dev mailing list
> undertow-dev(a)lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/undertow-dev
>
3795
days inactive
3798
days old
2 comments
2 participants
participants (2)
-
arjan tijms -
Stuart Douglas