[jboss-jira] [JBoss JIRA] (WFLY-904) The property AuthorizationManager is null exceptions and NPE on SimpleSecurityManager when connecting firstly from a remote client

Fri Sep 19 06:22:03 EDT 2014

    [ https://issues.jboss.org/browse/WFLY-904?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13000830#comment-13000830 ] 

blass megod edited comment on WFLY-904 at 9/19/14 6:21 AM:
-----------------------------------------------------------

I have the same error (porting from JBoss 5.1 to Jboss 8.1), but the deployment is ok if I'm in debug from Eclipse on Wildfly and I put a breakpoint anywhere in the code before the first ejb method invocation (repeated the test more that 50 times with and without debug).

This is what I have found out for now:
The SecurityDomainService is started in more simultaneous threads (depending of how many security domains do you have, default 3), but if you have a ServletContextListener implementation and you call from there an EJB, it will call it faster than the SecurityDomainService can finish, it looks like a JBoss internal sync problem to me.

was (Author: blassmegod):
I have the same error (porting from JBoss 5.1 to Jboss 8.1), but the deployment is ok if I'm in debug from Eclipse on Wildfly and I put a breakpoint anywhere in the code before the first ejb method invocation (repeated the test more that 50 times with and without debug).

> The property AuthorizationManager is null exceptions and NPE on SimpleSecurityManager when connecting firstly from a remote client
> ----------------------------------------------------------------------------------------------------------------------------------
>
>                 Key: WFLY-904
>                 URL: https://issues.jboss.org/browse/WFLY-904
>             Project: WildFly
>          Issue Type: Bug
>          Components: Security
>         Environment: Eclipse Juno SR2 with JBoss Tools, Mac OS X, Sun JDK 6
>            Reporter: Fernando Nasser
>            Assignee: Darran Lofthouse
>              Labels: eap6, investigation_required
>         Attachments: NPEinSimpleSecurityManager, PBOX000075, QSecuredEJB.jar, QSecuredEJB.zip, SecurityRelatedSettings
>
>
> Description of problem:
> If one tries and use security enabled EJBs from a remote client (authenticated connection) before connecting first from a servlet both a Server NPE and an erroneous exception are thrown.  However, if one uses some servlet-based authentication first, the missing field is "primed" and from that point on the remote application can use the secure EJBs normally, proper Role authorization is checked and enforced etc.  With absolutely no changes in configuration, code (incl. annotation) whatsoever.  Any number of remote client connections will succeed until you restart the server.  Then the errors are back, until you "prime" the Server by connecting using a Servlet.
> More complete data is attached, but here are some info:
> NPE is thrown at:
> org.jboss.as.security.service.SimpleSecurityManager.authenticate(SimpleSecurityManager.java:394)
> Bean method invocation fails with exceptions containing the message:
> JBAS011048: Failed to construct component instance
> I am using the "other" security context for testing.
> I am running the Server in standalone mode.
> When I say remote I mean not in the Server, but I am running my client from localhost.
> Version-Release number of selected component (if applicable):  Seen on EAP 6.1.0 alpha (apparently present on AS 7.1.1 as well).
>  

--
This message was sent by Atlassian JIRA
(v6.3.1#6329)