eclipse-ee4j / glassfish

Eclipse GlassFish
https://eclipse-ee4j.github.io/glassfish/

@RunAs causes NullPointerException #21008

Closed glassfishrobot closed 10 years ago

glassfishrobot commented 10 years ago

@Stateless
@RunAs("ADMIN")
@DeclareRoles("ADMIN")
@PermitAll
@Slf4j
public class UserTestData {

/**

log.debug("Running as {}", ctx.getCallerPrincipal());
}
}

glassfish-web.xml

<?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE glassfish-web-app PUBLIC "-//GlassFish.org//DTD GlassFish Application Server 3.1 Servlet 3.0//EN" "http://glassfish.org/dtds/glassfish-web-app_3_0-1.dtd">

/yam NORMAL NORMAL normal ADMIN ADMIN admin Keep a copy of the generated servlet class' java code.

Causes

SEVERE: SECEJB9000: Exception while running pre-invoke
java.lang.NullPointerException
    at java.util.Arrays$ArrayList.<init>(Arrays.java:2842)
    at java.util.Arrays.asList(Arrays.java:2828)
    at com.sun.enterprise.security.auth.realm.file.FileRealm.getGroupNames(FileRealm.java:299)
    at com.sun.enterprise.security.auth.login.LoginContextDriver.loginPrincipal(LoginContextDriver.java:295)
    at org.glassfish.ejb.security.application.EJBSecurityManager$2.run(EJBSecurityManager.java:857)
    at com.sun.enterprise.security.common.AppservAccessController.doPrivileged(AppservAccessController.java:61)
    at org.glassfish.ejb.security.application.EJBSecurityManager.loginForRunAs(EJBSecurityManager.java:855)
    at org.glassfish.ejb.security.application.EJBSecurityManager.preInvoke(EJBSecurityManager.java:824)
    at org.glassfish.ejb.security.application.EjbSecurityComponentInvocationHandler$1.beforePreInvoke(EjbSecurityComponentInvocationHandler.java:76)
    at org.glassfish.api.invocation.InvocationManagerImpl.preInvoke(InvocationManagerImpl.java:180)
    at com.sun.ejb.containers.BaseContainer.createEjbInstanceAndContext(BaseContainer.java:1628)
    at com.sun.ejb.containers.StatelessSessionContainer.createStatelessEJB(StatelessSessionContainer.java:456)
    at com.sun.ejb.containers.StatelessSessionContainer.access$000(StatelessSessionContainer.java:97)
    at com.sun.ejb.containers.StatelessSessionContainer$SessionContextFactory.create(StatelessSessionContainer.java:698)
    at com.sun.ejb.containers.util.pool.NonBlockingPool.getObject(NonBlockingPool.java:246)
    at com.sun.ejb.containers.StatelessSessionContainer._getContext(StatelessSessionContainer.java:430)
    at com.sun.ejb.containers.BaseContainer.getContext(BaseContainer.java:2516)
    at com.sun.ejb.containers.BaseContainer.preInvoke(BaseContainer.java:1906)
    at com.sun.ejb.containers.EJBLocalObjectInvocationHandler.invoke(EJBLocalObjectInvocationHandler.java:210)
    at com.sun.ejb.containers.EJBLocalObjectInvocationHandlerDelegate.invoke(EJBLocalObjectInvocationHandlerDelegate.java:88)
    at com.sun.proxy.$Proxy580.createTestUsers(Unknown Source)
    at com.anahata.yam.test.service.user.setup.__EJB31_GeneratedUserTestDataIntf__Bean.createTestUsers(Unknown Source)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke(Method.java:606)
    at org.jboss.weld.util.reflection.Reflections.invokeAndUnwrap(Reflections.java:396)
    at org.jboss.weld.bean.proxy.EnterpriseBeanProxyMethodHandler.invoke(EnterpriseBeanProxyMethodHandler.java:108)
    at org.jboss.weld.bean.proxy.EnterpriseTargetBeanInstance.invoke(EnterpriseTargetBeanInstance.java:56)
    at org.jboss.weld.bean.proxy.InjectionPointPropagatingEnterpriseTargetBeanInstance.invoke(InjectionPointPropagatingEnterpriseTargetBeanInstance.java:63)
    at org.jboss.weld.bean.proxy.ProxyMethodHandler.invoke(ProxyMethodHandler.java:101)
    at com.anahata.yam.test.service.user.setup.UserTestData$Proxy$_$$_Weld$EnterpriseProxy$.createTestUsers(Unknown Source)
    at com.anahata.yam.test.tech.TestDataSetup.doInit(TestDataSetup.java:57)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke(Method.java:606)
    at org.glassfish.ejb.security.application.EJBSecurityManager.runMethod(EJBSecurityManager.java:1081)

Affected Versions

[4.0]

glassfishrobot commented 10 years ago

@glassfishrobot Commented pranahata said: by the way, the app is using a jdbcRealm

glassfishrobot commented 10 years ago

@glassfishrobot Commented pranahata said: Note that if I try this

ProgrammaticLogin pl = new ProgrammaticLogin();
log.debug("About to do programmatic login");
pl.login("admin", "admin".toCharArray());

It fails trying to authenticate against a file realm

but if I do this

ProgrammaticLogin pl = new ProgrammaticLogin();
log.debug("About to do programmatic login");
pl.login("admin", "admin".toCharArray(), "yam", true);

Then it works...

glassfishrobot commented 10 years ago

@glassfishrobot Commented nitkal said: Please attach the complete webapp (containing the web.xml). What is the realm name mentioned in web.xml? Are you attempting ProgrammaticLogin to a web app? Then the 2 arg constructor cannot be used. Please look at the API for PL:

http://docs.oracle.com/cd/E19226-01/820-7695/beacm/index.html

The login methods for servlets or JSP files have the following signatures:

public java.lang.Boolean login(String user, String password, javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response)

public java.lang.Boolean login(String user, String password, String realm, javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, boolean errors) throws java.lang.Exception

The login methods for EJB components have the following signatures:

public java.lang.Boolean login(String user, String password)

public java.lang.Boolean login(String user, String password, String realm, boolean errors) throws java.lang.Exception

The default realm name for ProgrammaticLogin is "file". It can be overridden by passing the realm mentioned in the webapp (web.xml).

Downgrading the priority of the bug, since it works with one case
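The realm-explicit EJB login discussed above, written out as an added example (not code from the reporter or from GlassFish). It uses the four-argument `login` in its `char[]` form as called earlier in the thread; the class name `RealmAwareSetup`, the system property names, and the no-argument shape of `createTestUsers()` are assumptions.

```java
import com.sun.appserv.security.ProgrammaticLogin;
import javax.annotation.PostConstruct;
import javax.ejb.EJB;
import javax.ejb.Singleton;
import javax.ejb.Startup;

@Singleton
@Startup
public class RealmAwareSetup { // hypothetical class name

    // Realm the application authenticates against; the thread names it "yam".
    // Without this argument ProgrammaticLogin falls back to the "file" realm.
    private static final String REALM = "yam";

    @EJB
    private UserTestData userTestData; // the @RunAs bean from the report

    @PostConstruct
    void doInit() {
        // Hypothetical property names: credentials stay out of the source tree.
        String user = System.getProperty("setup.user");
        String secret = System.getProperty("setup.password");
        if (user == null || secret == null) {
            throw new IllegalStateException("setup credentials are not configured");
        }

        ProgrammaticLogin pl = new ProgrammaticLogin();
        boolean loggedIn = false;
        try {
            // Explicit realm; errors=true asks for login failures to be thrown.
            loggedIn = Boolean.TRUE.equals(
                    pl.login(user, secret.toCharArray(), REALM, true));
            if (!loggedIn) {
                throw new IllegalStateException("login rejected by realm " + REALM);
            }
            userTestData.createTestUsers(); // assumed to take no arguments
        } catch (Exception e) {
            throw new IllegalStateException("setup failed in realm " + REALM, e);
        } finally {
            if (loggedIn) {
                pl.logout(); // drop the elevated identity once setup is done
            }
        }
    }
}
```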

glassfishrobot commented 10 years ago

@glassfishrobot Commented nitkal said: Waiting for clarification from user to analyze it further. It is not a blocker since it works with one case

glassfishrobot commented 10 years ago

@glassfishrobot Commented pranahata said: Nithya,

The realm name is 'yam'. The @RunAs issue occurs inside the ejb container. It's a JEE7 with ejbs and a couple of servlets.

The PL happens in the postconstruct of a Singleton, this is what also calls the @Stateless annotated as @RunAs.

I haven't got time to attach a sample web app. Does @RunAs work for you on 4.0?

glassfishrobot commented 10 years ago

@glassfishrobot Commented nitkal said: If the realm name is yam, then the PL with the realm name argument should be used. Hence, the default file realm based constructor (2 argument constructor) will not work. Closing the issue as it is not a bug and working as expected.

glassfishrobot commented 10 years ago

@glassfishrobot Commented pranahata said: Nithya,

The issue is that @RunAs doesn't work and one doesn't have a way of setting a realm name in a @RunAs annotation. Please reopen

glassfishrobot commented 10 years ago

@glassfishrobot Commented nitkal said: The RunAs annotation has a way of specifying only the role name (authorization), which is after authentication. When you authenticate to the EJB which has RunAs annotation using the PL API, you would have to specify the right realm name.

HTH Nithya

glassfishrobot commented 10 years ago

@glassfishrobot Commented nitkal said: Are you observing the stack trace even after specifying the right role name in PL? If so, please reopen the issue and we can look into it.

glassfishrobot commented 10 years ago

@glassfishrobot Commented Was assigned to nitkal

glassfishrobot commented 7 years ago

@glassfishrobot Commented This issue was imported from java.net JIRA GLASSFISH-21008

glassfishrobot commented 10 years ago

@glassfishrobot Commented Reported by pranahata

glassfishrobot commented 10 years ago

@glassfishrobot Commented Marked as invalid on Monday, March 24th 2014, 12:23:56 am