I'm using Spring Boot 2.7.9 to create a website along with Spring OAuth2 and Google Auth. When I try to access the site, I'm getting the above error. I've traced it back a bit, but would like to hear from someone who knows the code better to help me determine what's wrong. Here's the exception stack trace.
java.lang.NullPointerException
at org.jboss.security.auth.message.config.JBossServerAuthConfig.getAuthContext(JBossServerAuthConfig.java:108)
at org.apache.catalina.authenticator.AuthenticatorBase.getJaspicState(AuthenticatorBase.java:773)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:619)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:135)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:92)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:78)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:360)
at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:399)
at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:65)
at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:891)
at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1784)
at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
at org.apache.tomcat.util.threads.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1191)
at org.apache.tomcat.util.threads.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:659)
at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
at java.base/java.lang.Thread.run(Thread.java:834)
It looks like the error is in this statement:
secDomain = (String) properties.get("security-domain");
and it seems that "properties" is null. The code around this line is this:
SecurityContext securityContext = SecurityActions.getSecurityContext();
if (securityContext != null)
{
secDomain = securityContext.getSecurityDomain();
}
else{
secDomain = (String) properties.get("security-domain");
so I'm assuming securityContext is null and should not be. This code, BTW, is just what I found online without doing a Git pull.
What would cause SecurityActions.getSecurityContext() to return null?
Also, as a side note, we would not have the NPE except for the way getAuthContext() was called. I think this is happening in AuthenticatorBase.java and here's a code snippet:
private JaspicState getJaspicState(AuthConfigProvider jaspicProvider, Request request, Response response,
boolean authMandatory) throws IOException {
...
try {
CallbackHandler callbackHandler = getCallbackHandler();
ServerAuthConfig serverAuthConfig = jaspicProvider.getServerAuthConfig("HttpServlet", jaspicAppContextID,
callbackHandler);
String authContextID = serverAuthConfig.getAuthContextID(jaspicState.messageInfo);
jaspicState.serverAuthContext = serverAuthConfig.getAuthContext(authContextID, null, null); <--- Passing in null for properties
} catch (AuthException e) {
log.warn(sm.getString("authenticator.jaspicServerAuthContextFail"), e);
response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
return null;
}
Oddly enough, this was solved by noticing what I thought was a completely different problem. My project uses a 'commons' project that I also created. In that, I had a problem in the pom.xml. I was specifying the "maven-compiler-plugin" but had left out the version and Eclipse was complaining. I then noticed that was the only one of my projects that was using that, while the rest used "spring-boot-maven-plugin", so I switched my commons pom to that one, and all of a sudden the original problem disappeared.