[jboss-jira] [JBoss JIRA] (WFLY-9240) WeldSecurityServices not able to obtain the current SecurityDomain anymore

Darran Lofthouse (JIRA) issues at jboss.org
Mon Sep 11 08:02:02 EDT 2017 

    [ https://issues.jboss.org/browse/WFLY-9240?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13461988#comment-13461988 ] 

Darran Lofthouse commented on WFLY-9240:
----------------------------------------

Investigating this I am seeing some slightly different behaviour than the description, after running the test I am seeing the following stack trace in the logs: -

{noformat}
Caused by: java.lang.NullPointerException
	at java.util.concurrent.ConcurrentHashMap.get(ConcurrentHashMap.java:936)
	at org.wildfly.security.auth.server.SecurityDomain.getCurrent(SecurityDomain.java:171)
	at org.jboss.as.ee.component.ProxyInvocationHandler.invoke(ProxyInvocationHandler.java:74)
	at org.jboss.weld.tests.event.async.context.security.Printer$$$view2.print(Unknown Source)
	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
{noformat}

This does indicate I have a bug within Elytron I need to fix but that will not be the solution to the current failure.

The NullPointerException I am seeing is because Thread.getContextClassLoader() is returning null so for some reason the deployments class loader is not associated with the Thread.  I will apply a fix to WildFly Elytron 1.2 which will detect the null ClassLoader and return null from the SecurityDomain.getCurrent, for the purpose of this specifically failing test I think investigation needs to look into why the class loader is not set for the thread during the test.


> WeldSecurityServices not able to obtain the current SecurityDomain anymore
> --------------------------------------------------------------------------
>
>                 Key: WFLY-9240
>                 URL: https://issues.jboss.org/browse/WFLY-9240
>             Project: WildFly
>          Issue Type: Bug
>          Components: CDI / Weld, Security
>    Affects Versions: 11.0.0.Beta1, 11.0.0.CR1
>            Reporter: Martin Kouba
>            Assignee: Darran Lofthouse
>            Priority: Critical
>
> The integration code used by Weld 3 to propagate the security context of the current thread to different threads (needed for async events CDI 2.0 feature) is not able to obtain the current {{org.wildfly.security.auth.server.SecurityDomain}} anymore. 
> The invocation of [SecurityDomain.getCurrent()|https://github.com/weld/wildfly/blob/11.0.0.Beta1-weld3/weld/subsystem/src/main/java/org/jboss/as/weld/services/bootstrap/WeldSecurityServices.java#L117] returns {{null}}. 
> Note that this worked on WildFly *11.0.0.Alpha1*.
> It's also possible that the test (see also steps to reproduce) is wrong. A review/help from a security expert would be appreciated. 



--
This message was sent by Atlassian JIRA
(v7.2.3#72005)

More information about the jboss-jira mailing list