[jboss-user] [Beginner's Corner] - Random "Security Context is null" after using SecurityClient

Wed Jul 14 15:45:10 EDT 2010

Nathan Ciliberto [http://community.jboss.org/people/snacker] created the discussion

"Random "Security Context is null" after using SecurityClient"

To view the discussion, visit: http://community.jboss.org/message/552620#552620

--------------------------------------------------------------
We have converted most of our ejb's from 2.1 to 3.0.
In order to get the client security to work we had to use the following code to setup the client's context for the ejb3:

SecurityClient client = SecurityClientFactory.getSecurityClient();
                client.setSimple( username, password );
                client.setVmwideAssociation( true );
                client.login();

Once that code has been executed and the ejb invoked we start seeing random errors such as this:

15:01:01,035 ERROR [CoyoteAdapter] An exception or error occurred in the container during the request processing
java.lang.IllegalStateException: Security Context is null
        at org.jboss.web.tomcat.security.SecurityAssociationActions$PopRunAsRoleAction.run(SecurityAssociationActions.java:156)
        at java.security.AccessController.doPrivileged(Native Method)
        at org.jboss.web.tomcat.security.SecurityAssociationActions.popRunAsIdentity(SecurityAssociationActions.java:302)
        at org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(SecurityAssociationValve.java:193)
        at org.jboss.web.tomcat.service.session.ClusteredSessionValve.handleRequest(ClusteredSessionValve.java:135)
        at org.jboss.web.tomcat.service.session.ClusteredSessionValve.invoke(ClusteredSessionValve.java:94)
        at org.jboss.web.tomcat.service.session.LockingValve.invoke(LockingValve.java:62)
        at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:92)
        at org.jboss.web.tomcat.security.SecurityContextEstablishmentValve.process(SecurityContextEstablishmentValve.java:126)
        at org.jboss.web.tomcat.security.SecurityContextEstablishmentValve.invoke(SecurityContextEstablishmentValve.java:70)
        at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
        at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
        at org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:158)
        at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
        at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:330)
        at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:829)
        at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:598)
        at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)
        at java.lang.Thread.run(Thread.java:619)

The error is "random"... and it occurs on any of the servlets that we have configured.
For example we've had 32,000 requests (according to  http://myserver:8090/status?full http://myserver:8090/status?full) but only 99 of these errors.

It happens for the servlets/jsps whether they are called directly from the server or via apache by way of mod_jk (ajp3).

Does anyone know why this would happen?

Do we have to setup some "default" security for the servlets/jsps?

--------------------------------------------------------------

Reply to this message by going to Community
[http://community.jboss.org/message/552620#552620]

Start a new discussion in Beginner's Corner at Community
[http://community.jboss.org/choose-container!input.jspa?contentType=1&containerType=14&container=2075]

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/jboss-user/attachments/20100714/14566ce4/attachment.html 