  1. JBoss Enterprise Application Platform 4 and 5
  2. JBPAPP-6545

SecurityActions throws a NullPointerException when client invokes method on the local interface of a secure EJB 2 bean


    • Bug
    • Resolution: Done
    • Major
    • EAP_EWP 5.1.2 ER1
    • EAP_EWP 5.1.0
    • System
    • None
    • Release Notes
      The security interceptor did not create a security context if one did not already exist. A new clean thread (the thread with no security context) was unable to invoke the local interface of the EJB. However, a new clean thread was able to invoke the remote interface of an EJB without any problems. The fix provides modifications to the PreSecurityInterceptor, which now creates a new security context if one does not exist. A new thread with no security context is able to invoke the local interface of the EJB.
    • Documented as Resolved Issue
    • ASSIGNED

      A NullPointerException (see the stack trace below) is thrown when a thread that has no security context hits the local interface of a secure EJB 2 bean.

      15:31:43,792 ERROR [LogInterceptor] RuntimeException in method: public abstract com.redhat.jboss.support.test.HelloStatefulLocal com.redhat.jboss.support.test.HelloStatefulLocalHome.create() throws javax.ejb.CreateException:
      java.lang.NullPointerException
      at org.jboss.ejb.plugins.security.SecurityActions$8.run(SecurityActions.java:140)
      at java.security.AccessController.doPrivileged(Native Method)
      at org.jboss.ejb.plugins.security.SecurityActions.setSecurityManagement(SecurityActions.java:136)
      at org.jboss.ejb.plugins.security.PreSecurityInterceptor.process(PreSecurityInterceptor.java:119)
      at org.jboss.ejb.plugins.security.PreSecurityInterceptor.invokeHome(PreSecurityInterceptor.java:88)
      at org.jboss.ejb.plugins.LogInterceptor.invokeHome(LogInterceptor.java:132)
      at org.jboss.ejb.plugins.ProxyFactoryFinderInterceptor.invokeHome(ProxyFactoryFinderInterceptor.java:107)
      at org.jboss.ejb.SessionContainer.internalInvokeHome(SessionContainer.java:639)
      at org.jboss.ejb.Container.invoke(Container.java:1109)
      at org.jboss.ejb.plugins.local.BaseLocalProxyFactory.invokeHome(BaseLocalProxyFactory.java:362)
      at org.jboss.ejb.plugins.local.LocalHomeProxy.invoke(LocalHomeProxy.java:133)
      at $Proxy125.create(Unknown Source)
      at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
      at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
      at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
      at java.lang.reflect.Method.invoke(Method.java:597)

      I have attached a reproducer (testcase.zip) that the customer has provided. Their test case is a BeanShell script (test-ejb-call.bsh) that invokes the local interface of the EJB. The interesting thing with this bug is that a new clean thread (i.e., the thread has no security context) is able to invoke the remote interface of the EJB without any problems. This can be seen by uncommenting the call in their test script that looks up the remote interface instead of the local interface.
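
The failure mode and the fix described in the release note, as an added example that is not JBoss source and not part of the original report: a simplified model of a per-thread security context that an interceptor dereferences, next to a guarded version that creates one first. Every class, method and value name here is hypothetical, and the assumption that the newly created context carries no identity is the example's own.

```java
import java.util.concurrent.atomic.AtomicReference;

// Simplified model, not JBoss code: all names below are hypothetical.
public class SecurityContextGuardDemo {

    /** Minimal stand-in for a per-thread security context. */
    static final class SecurityContext {
        final String domain;
        String principal;              // null means no authenticated caller
        Object securityManagement;
        SecurityContext(String domain) { this.domain = domain; }
    }

    /** Per-thread association; a thread that never authenticated holds null. */
    static final ThreadLocal<SecurityContext> CURRENT = new ThreadLocal<>();

    /** Pre-fix behaviour: assumes a context is already associated with the thread. */
    static void processUnguarded(Object mgmt) {
        SecurityContext sc = CURRENT.get();
        sc.securityManagement = mgmt;  // sc is null on a clean thread
    }

    /** Post-fix behaviour: create a context when the thread has none. */
    static void processGuarded(String domain, Object mgmt) {
        SecurityContext sc = CURRENT.get();
        if (sc == null) {
            sc = new SecurityContext(domain);  // assumption: empty, no principal
            CURRENT.set(sc);
        }
        sc.securityManagement = mgmt;
    }

    /** Runs the task on a fresh thread and returns what it threw, or null. */
    static Throwable runOnCleanThread(Runnable task) throws InterruptedException {
        AtomicReference<Throwable> failure = new AtomicReference<>();
        Thread t = new Thread(() -> {
            try { task.run(); } catch (Throwable e) { failure.set(e); }
            finally { CURRENT.remove(); }  // do not leak context to reused threads
        });
        t.start();
        t.join();
        return failure.get();
    }

    public static void main(String[] args) throws InterruptedException {
        Object mgmt = new Object();
        System.out.println("unguarded: " + runOnCleanThread(() -> processUnguarded(mgmt)));
        System.out.println("guarded:   " + runOnCleanThread(() -> {
            processGuarded("test-domain", mgmt);
            // The created context must stay anonymous; authorization still decides.
            if (CURRENT.get().principal != null) throw new IllegalStateException();
        }));
    }
}
```

When reviewing a guard of this kind, check that the context it creates is unauthenticated, so the null check removes the crash without letting the caller skip the bean's authorization checks.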

            rhn-support-dehort Derek Horton
            rhn-support-dehort Derek Horton
            Jared Morgan Jared Morgan (Inactive)