Bug 1241216 - [GSS] (6.4.z) ASF Bug 47080 - NPE in RealmBase.findSecurityConstraints when uri is null
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: JBoss Enterprise Application Platform 6
Classification: JBoss
Component: Web
Version: 6.4.0
Hardware: Unspecified
OS: Unspecified
Priority: unspecified
Severity: unspecified
Target Milestone: CR1
Target Release: EAP 6.4.3
Assignee: Coty Sutherland
QA Contact: Radim Hatlapatka
URL:
Whiteboard:
Depends On:
Blocks: 1221875 1231259
Reported: 2015-07-08 18:11 UTC by Coty Sutherland
Modified: 2019-08-15 04:50 UTC

Fixed In Version:
Clone Of:
Environment:
Last Closed:
Type: Bug
Embargoed:


Attachments
reproducer bits (410.00 KB, application/x-tar)
2015-07-08 18:11 UTC, Coty Sutherland


Links
System ID Private Priority Status Summary Last Updated
Apache Bugzilla 47080 0 None None None Never

Description Coty Sutherland 2015-07-08 18:11:29 UTC
Created attachment 1049944
reproducer bits

Description of problem:
The problem is pretty well described in the upstream BZ attached. The only thing that I can really add is that I can't get this to happen when using a web.xml, so it looks like a problem caused either by the @WebService or by annotation processing in general.

Version-Release number of selected component (if applicable):
EAP 6.4.0

How reproducible:
Every time.

Steps to Reproduce:
1. Download the reproducer.tar attached and untar.
2. Apply the realm.patch to your default standalone.xml config.
3. Start EAP and deploy the provided EAR.
4. Execute curl as follows:

    curl -I -X POST --user admin:admin http://localhost:8080/hello/bean/

5. Observe NPE in EAP server.log

Actual results:

EAP breakage due to NPE:

$ curl -I -X POST --user admin:admin http://localhost:8080/hello/bean/
HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Transfer-Encoding: chunked
Date: Wed, 08 Jul 2015 18:07:35 GMT

13:54:40,523 ERROR [org.apache.catalina.connector] (http-/127.0.0.1:8080-1) JBWEB001018: An exception or error occurred in the container during the request processing: java.lang.NullPointerException
	at org.apache.catalina.realm.RealmBase.findSecurityConstraints(RealmBase.java:502)
	at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:413)
	at org.jboss.as.web.security.SecurityContextAssociationValve.invoke(SecurityContextAssociationValve.java:169)
	at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:150)
	at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:97)
	at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:102)
	at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:344)
	at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:854)
	at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:653)
	at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:926)
	at java.lang.Thread.run(Thread.java:745) [rt.jar:1.7.0_79]


Expected results:

A 404 when the resource doesn't exist:

$ curl -I -X POST --user admin:admin http://localhost:8080/hello/bean/
HTTP/1.1 404 Not Found
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=utf-8
Content-Length: 1042
Date: Wed, 08 Jul 2015 18:00:08 GMT


Additional info:
Honestly I don't really agree with the fix here, but it was accepted upstream forever (5+ years) ago, so I suppose it is fine :) The real issue in my opinion is the fact that a toString() method returns null in the first place... see:

src/main/java/org/apache/tomcat/util/buf/MessageBytes.java

    /** Compute the string value
     */
    public String toString() {
        if( hasStrValue ) return strValue;

        switch (type) {
        case T_CHARS:
            strValue=charC.toString();
            hasStrValue=true;
            return strValue;
        case T_BYTES:
            strValue=byteC.toString();
            hasStrValue=true;
            return strValue;
        }
        return null;
    }

We could better address the issue by not returning null, however it doesn't seem to affect anything else given the acceptance of the fix upstream. I just wanted to make sure that my objection was noted before I committed this rev.
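
A minimal illustration of the failure mode described in the report above, added here as an example; it is not JBoss Web or Tomcat code and not part of the original report. `UriHolder`, `matchConstraint`, `matchConstraintGuarded` and the sample constraints are hypothetical stand-ins, and treating a missing URI as "/" is an assumption of this example, not a statement of what the committed fix does.

```java
import java.util.LinkedHashMap;
import java.util.Map;

public class NullUriDemo {

    /** Hypothetical stand-in for a lazily converted request field. */
    static final class UriHolder {
        private final char[] chars;   // null models the "no value set" state

        UriHolder(char[] chars) { this.chars = chars; }

        /** Same contract as the quoted method: returns null when nothing is set. */
        @Override public String toString() {
            return chars == null ? null : new String(chars);
        }
    }

    // Constructed sample constraints: URL prefix -> required role.
    static final Map<String, String> CONSTRAINTS = new LinkedHashMap<>();
    static {
        CONSTRAINTS.put("/admin/", "admin");
        CONSTRAINTS.put("/", "user");
    }

    /** Unguarded lookup: dereferences the URI, so a null URI throws NPE. */
    static String matchConstraint(String uri) {
        for (Map.Entry<String, String> e : CONSTRAINTS.entrySet()) {
            if (uri.startsWith(e.getKey())) return e.getValue();
        }
        return null;
    }

    /** Guarded lookup: a missing URI is treated as "/" (assumption of this example). */
    static String matchConstraintGuarded(String uri) {
        return matchConstraint(uri == null ? "/" : uri);
    }

    public static void main(String[] args) {
        String uri = new UriHolder(null).toString();   // null, as in the report
        try {
            matchConstraint(uri);
        } catch (NullPointerException npe) {
            System.out.println("unguarded lookup: NullPointerException");
        }
        System.out.println("guarded lookup requires role: " + matchConstraintGuarded(uri));
        System.out.println("normal lookup requires role: "
                + matchConstraint(new UriHolder("/admin/x".toCharArray()).toString()));
    }
}
```

The guard sits in the caller, so the constraint check still runs against a defined path instead of aborting partway through request authorization.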

Comment 1 Coty Sutherland 2015-07-08 18:17:33 UTC
Pushed r2618 to fix.

https://source.jboss.org/changelog/JBossWeb?cs=2618

Comment 5 Radim Hatlapatka 2015-07-29 13:43:03 UTC
Verified with EAP 6.4.3.CP.CR1

Comment 6 Petr Penicka 2017-01-17 10:37:22 UTC
Retroactively bulk-closing issues from released EAP 6.4 cumulative patches.

Comment 7 Petr Penicka 2017-01-17 10:37:39 UTC
Retroactively bulk-closing issues from released EAP 6.4 cumulative patches.

