1 Reply Latest reply on Dec 22, 2011 6:08 AM by Andrew Murphy

    Seam Security 3.1 Final - Null pointer exception at AS7 startup

    Andrew Murphy Newbie

      Hi Jason, Shane, all,

      Thanks for all your hard work in getting Seam 3.1 final out!

      I've just tried the seam-security-3.1.0.Final library but I am getting a NullPointerException when I launch my webapp (in JBoss AS7). I've upgraded from 3.1.0.CR1. From what I can ascertain the specific error relates to the changes implemented in SEAMSECURITY-127. Here is a stacktrace snippet:

      09:16:04,378 ERROR [org.jboss.msc.service.fail] (MSC service thread 1-4) MSC00001: Failed to start service jboss.deployment.unit."curo.war".WeldService: org.jboss.msc.service.StartException in service jboss.deployment.unit."curo.war".WeldService: org.jboss.weld.exceptions.DefinitionException: Exception List with 1 exceptions:
      Exception 0 :
           at org.jboss.seam.security.SecurityExtension.registerSecuredMethod(SecurityExtension.java:302)
           at org.jboss.seam.security.SecurityExtension.validateBindings(SecurityExtension.java:246)

      I understand that SEAMSECURITY-127 has introduced additional security annotation checks at start-up but I can't figure out what I need to change in my code to prevent these null pointer exceptions. This is all the more difficult as I use security annotations extensively in my codebase and the exception stacktrace provides no clue where I should be looking.

      Any guidance will be greatly appreciated, or an explanation of how to correctly annotate classes/methods to satisfy the checks performed.

      Thank you, Andrew

      P.S. Merry Xmas to all.

        • 1. Re: Seam Security 3.1 Final - Null pointer exception at AS7 startup
          Andrew Murphy Newbie

          Stepped back, had a cup of coffee, and figured it out.

          I use interfaces and polymorphism quite a bit and had added security annotations to my interface method definitions (out of laziness I guess?). Moved the annotations to the implementing method/class and this now satisfies the annotation checks made at start-up in the SecurityExtension.class method:

          protected synchronized void registerSecuredMethod(Method method, Class<\?> targetClass) {
             //lines 301-302
             (Class<?> cls = targetClass;
             while (!cls.equals(Object.class)) { \\<- Throws NullPointerException as class expected, not interface

          Obvious really, in hindsight...