[jboss-jira] [JBoss JIRA] (AS7-3227) When a Stateless Session Bean is used as a REST-Resource, calling getUserPrincipal() on an injected SecurityContext sometimes returns null

Stuart Douglas (JIRA) jira-events at lists.jboss.org
Sun Mar 11 17:27:47 EDT 2012 

     [ https://issues.jboss.org/browse/AS7-3227?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Stuart Douglas updated AS7-3227:
--------------------------------

             Priority: Critical  (was: Major)
    Affects Version/s: 7.1.1.Final
          Component/s: Web
                           (was: EJB)


I can reproduce this with your new instructions.
                
> When a Stateless Session Bean is used as a REST-Resource, calling getUserPrincipal() on an injected SecurityContext sometimes returns null
> ------------------------------------------------------------------------------------------------------------------------------------------
>
>                 Key: AS7-3227
>                 URL: https://issues.jboss.org/browse/AS7-3227
>             Project: Application Server 7
>          Issue Type: Bug
>          Components: REST, Web
>    Affects Versions: 7.0.2.Final, 7.1.0.CR1b, 7.1.0.Final, 7.1.1.Final
>         Environment: Ubuntu Linux 11.04 64-bit, jdks 1.7.0_02 and 1.6.0_26
>            Reporter: Philipp Berger
>            Assignee: Stuart Douglas
>            Priority: Critical
>
> Considered the following stateless session bean which is propagated as a REST-Webservice:
> {code:title=UserPrincipalRESTService.java|borderStyle=solid}
> @Path("/test")
> public interface UserPrincipalRESTService {
> 	@GET
> 	@Produces(MediaType.TEXT_PLAIN)
> 	String helloUser();
> }
> {code} 
> {code:title=UserPrincipalRESTServiceImpl.java|borderStyle=solid}
> @Stateless
> @Local
> public class UserPrincipalRESTServiceImpl implements UserPrincipalRESTService {
> 	@Context
> 	private SecurityContext securityContext;
>     public String helloUser() {
> 		final String userName = securityContext.getUserPrincipal().getName();
> 		return "Hello " + userName+"!";
> 	}
> }
> {code} 
> After a certain (sometimes very large) amount of GET Requests on the Resource, the injected SecurityContext's user principal suddenly is null and a NPE is thrown. Once this happened, every second call to the resource will throw a NPE until the application server is restarted.  

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.jboss.org/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira

More information about the jboss-jira mailing list