[jboss-jira] [JBoss JIRA] (AS7-3227) When a Stateless Session Bean is used as a REST-Resource, calling getUserPrincipal() on an injected SecurityContext sometimes returns null

Stuart Douglas (JIRA) jira-events at lists.jboss.org
Tue Mar 13 23:15:47 EDT 2012 

    [ https://issues.jboss.org/browse/AS7-3227?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12676592#comment-12676592 ] 

Stuart Douglas commented on AS7-3227:
-------------------------------------

It is using org.jboss.resteasy.core.PropertyInjectorImpl#inject to perform the actual injection at EJB creation time, although the injection seems to be fired from org.jboss.resteasy.cdi.JaxrsInjectionTarget. 

This is actually really bogus, as it seems to be using the current HTTP request as part of creating the SLSB.    
                
> When a Stateless Session Bean is used as a REST-Resource, calling getUserPrincipal() on an injected SecurityContext sometimes returns null
> ------------------------------------------------------------------------------------------------------------------------------------------
>
>                 Key: AS7-3227
>                 URL: https://issues.jboss.org/browse/AS7-3227
>             Project: Application Server 7
>          Issue Type: Bug
>          Components: REST, Web
>    Affects Versions: 7.0.2.Final, 7.1.0.CR1b, 7.1.0.Final, 7.1.1.Final
>         Environment: Ubuntu Linux 11.04 64-bit, jdks 1.7.0_02 and 1.6.0_26
>            Reporter: Philipp Berger
>            Assignee: Stuart Douglas
>            Priority: Critical
>
> Considered the following stateless session bean which is propagated as a REST-Webservice:
> {code:title=UserPrincipalRESTService.java|borderStyle=solid}
> @Path("/test")
> public interface UserPrincipalRESTService {
> 	@GET
> 	@Produces(MediaType.TEXT_PLAIN)
> 	String helloUser();
> }
> {code} 
> {code:title=UserPrincipalRESTServiceImpl.java|borderStyle=solid}
> @Stateless
> @Local
> public class UserPrincipalRESTServiceImpl implements UserPrincipalRESTService {
> 	@Context
> 	private SecurityContext securityContext;
>     public String helloUser() {
> 		final String userName = securityContext.getUserPrincipal().getName();
> 		return "Hello " + userName+"!";
> 	}
> }
> {code} 
> After a certain (sometimes very large) amount of GET Requests on the Resource, the injected SecurityContext's user principal suddenly is null and a NPE is thrown. Once this happened, every second call to the resource will throw a NPE until the application server is restarted.  

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.jboss.org/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira

More information about the jboss-jira mailing list