1 Reply Latest reply on Dec 22, 2011 6:08 AM by smurfs.smurfsturf.googlemail.com

    Seam Security 3.1 Final - Null pointer exception at AS7 startup

    smurfs.smurfsturf.googlemail.com
    smurfs.smurfsturf.googlemail.com Dec 22, 2011 4:29 AM

      Hi Jason, Shane, all,


      Thanks for all your hard work in getting Seam 3.1 final out!


      I've just tried the seam-security-3.1.0.Final library but I am getting a NullPointerException when I launch my webapp (in JBoss AS7). I've upgraded from 3.1.0.CR1. From what I can ascertain the specific error relates to the changes implemented in SEAMSECURITY-127. Here is a stacktrace snippet:


      09:16:04,378 ERROR [org.jboss.msc.service.fail] (MSC service thread 1-4) MSC00001: Failed to start service jboss.deployment.unit."curo.war".WeldService: org.jboss.msc.service.StartException in service jboss.deployment.unit."curo.war".WeldService: org.jboss.weld.exceptions.DefinitionException: Exception List with 1 exceptions:
Exception 0 :
java.lang.NullPointerException
     at org.jboss.seam.security.SecurityExtension.registerSecuredMethod(SecurityExtension.java:302)
     at org.jboss.seam.security.SecurityExtension.validateBindings(SecurityExtension.java:246)

...



      I understand that SEAMSECURITY-127 has introduced additional security annotation checks at start-up but I can't figure out what I need to change in my code to prevent these null pointer exceptions. This is all the more difficult as I use security annotations extensively in my codebase and the exception stacktrace provides no clue where I should be looking.


      Any guidance will be greatly appreciated, or an explanation of how to correctly annotate classes/methods to satisfy the checks performed.


      Thank you, Andrew


      P.S. Merry Xmas to all.

      • 173 Views
      • Tags:
        • 1. Re: Seam Security 3.1 Final - Null pointer exception at AS7 startup
          smurfs.smurfsturf.googlemail.com
          smurfs.smurfsturf.googlemail.com Dec 22, 2011 6:08 AM (in response to smurfs.smurfsturf.googlemail.com)

          Stepped back, had a cup of coffee, and figured it out.


          I use interfaces and polymorphism quite a bit and had added security annotations to my interface method definitions (out of laziness I guess?). Moved the annotations to the implementing method/class and this now satisfies the annotation checks made at start-up in the SecurityExtension.class method:


          protected synchronized void registerSecuredMethod(Method method, Class<\?> targetClass) {
   ...
   //lines 301-302
   (Class<?> cls = targetClass;
   while (!cls.equals(Object.class)) { \\<- Throws NullPointerException as class expected, not interface
      ...
   }
   ...
}



          Obvious really, in hindsight...

            • Actions