[jboss-jira] [JBoss JIRA] (AS7-6853) The property AuthorizationManager is null exceptions and NPE on SimpleSecurityManager when connecting firstly from a remote client

Fernando Nasser (JIRA) jira-events at lists.jboss.org
Wed Apr 10 13:46:55 EDT 2013 

     [ https://issues.jboss.org/browse/AS7-6853?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Fernando Nasser updated AS7-6853:
---------------------------------

    Attachment: QSecuredEJB.jar
                QSecuredEJB.zip


Very simple EJB-JAR example (extracted from the ejb-security Quickstart) with a JUnit client that tries and use the EJB via a Remote interface.

Note the jndi.properties file that triggers the issue.  If you rename this file the defaults are used and the NPE is not thrown.
                
> The property AuthorizationManager is null exceptions and NPE on SimpleSecurityManager when connecting firstly from a remote client
> ----------------------------------------------------------------------------------------------------------------------------------
>
>                 Key: AS7-6853
>                 URL: https://issues.jboss.org/browse/AS7-6853
>             Project: Application Server 7
>          Issue Type: Bug
>          Components: Security
>    Affects Versions: EAP 6.1.0.Alpha (7.2.0.Final)
>         Environment: Eclipse Juno SR2 with JBoss Tools, Mac OS X, Sun JDK 6
>            Reporter: Fernando Nasser
>            Assignee: Anil Saldhana
>              Labels: eap6
>         Attachments: NPEinSimpleSecurityManager, PBOX000075, QSecuredEJB.jar, QSecuredEJB.zip, SecurityRelatedSettings
>
>
> Description of problem:
> If one tries and use security enabled EJBs from a remote client (authenticated connection) before connecting first from a servlet both a Server NPE and an erroneous exception are thrown.  However, if one uses some servlet-based authentication first, the missing field is "primed" and from that point on the remote application can use the secure EJBs normally, proper Role authorization is checked and enforced etc.  With absolutely no changes in configuration, code (incl. annotation) whatsoever.  Any number of remote client connections will succeed until you restart the server.  Then the errors are back, until you "prime" the Server by connecting using a Servlet.
> More complete data is attached, but here are some info:
> NPE is thrown at:
> org.jboss.as.security.service.SimpleSecurityManager.authenticate(SimpleSecurityManager.java:394)
> Bean method invocation fails with exceptions containing the message:
> JBAS011048: Failed to construct component instance
> I am using the "other" security context for testing.
> I am running the Server in standalone mode.
> When I say remote I mean not in the Server, but I am running my client from localhost.
> Version-Release number of selected component (if applicable):  Seen on EAP 6.1.0 alpha (apparently present on AS 7.1.1 as well).
>  

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

More information about the jboss-jira mailing list