Return-Path: X-Original-To: apmail-cxf-issues-archive@www.apache.org Delivered-To: apmail-cxf-issues-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id CEED611271 for ; Mon, 7 Jul 2014 09:11:34 +0000 (UTC) Received: (qmail 11148 invoked by uid 500); 7 Jul 2014 09:11:34 -0000 Delivered-To: apmail-cxf-issues-archive@cxf.apache.org Received: (qmail 11075 invoked by uid 500); 7 Jul 2014 09:11:34 -0000 Mailing-List: contact issues-help@cxf.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@cxf.apache.org Delivered-To: mailing list issues@cxf.apache.org Received: (qmail 10858 invoked by uid 99); 7 Jul 2014 09:11:34 -0000 Received: from arcas.apache.org (HELO arcas.apache.org) (140.211.11.28) by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 07 Jul 2014 09:11:34 +0000 Date: Mon, 7 Jul 2014 09:11:34 +0000 (UTC) From: "Sergey Beryozkin (JIRA)" To: issues@cxf.apache.org Message-ID: In-Reply-To: References: Subject: [jira] [Commented] (CXF-5803) Injection of SecurityContext MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit X-JIRA-FingerPrint: 30527f35849b9dde25b450d4833f0394 [ https://issues.apache.org/jira/browse/CXF-5803?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14053472#comment-14053472 ] Sergey Beryozkin commented on CXF-5803: --------------------------------------- That said, I think we both agree that it can make sense to investigate if the absence of ContextProviders can be determined early. If it becomes realistic to do then perhaps we can settle for a warning and resetting the injected field/property to null as you prefer. That would work too. > Injection of SecurityContext > ---------------------------- > > Key: CXF-5803 > URL: https://issues.apache.org/jira/browse/CXF-5803 > Project: CXF > Issue Type: Improvement > Components: JAX-RS > Affects Versions: 2.7.11 > Reporter: Andrei Shakirin > Assignee: Sergey Beryozkin > > Currently two different SecurityContext interfaces are available in CXF: > a) standard java: javax.ws.rs.core.SecurityContext > b) internal CXF: org.apache.cxf.security.SecurityContext > Context injection using @Context annotation works only for standard one. If user purposely or deliberately tries to inject internal CXF SecurityContext, access to it caused not very informative NLP: > {code} > Caused by: java.lang.NullPointerException > at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) > at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57) > at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) > at java.lang.reflect.Method.invoke(Method.java:606) > at org.apache.cxf.jaxrs.impl.tl.ThreadLocalInvocationHandler.invoke(ThreadLocalInvocationHandler.java:36) > at com.sun.proxy.$Proxy5.getUserPrincipal(Unknown Source) > at demo.rs.security.SimpleCustomerService.getCustomer(SimpleCustomerService.java:26) > at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) > at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57) > at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) > at java.lang.reflect.Method.invoke(Method.java:606) > at org.apache.cxf.service.invoker.AbstractInvoker.performInvocation(AbstractInvoker.java:181) > at org.apache.cxf.service.invoker.AbstractInvoker.invoke(AbstractInvoker.java:97) > ... 26 more > {code} > I would propose either to support injections of both contexts or provide more clear error message. -- This message was sent by Atlassian JIRA (v6.2#6252)