Skip to content

Bug Report: [7.2025.1] NullPointerException in Policy #7772

New issue
New issue
Open
Open
Bug Report: [7.2025.1] NullPointerException in Policy#7772
Assignees
juansierra24
Labels
Status: AcceptedConfirmed defect or accepted improvement to implement, issue has been escalated to Platform DevType: BugLabel issue as a bug defect
@ctabin

Description

@ctabin
ctabin
opened on Nov 14, 2025

Brief Summary

Hi,

After fixing our domain.xml in 7141, our application deploys. But once a request hits the facade, we hit again an NPE:

SEVERE @72.2025-11-12 16:01:42-526 [saierp.framework.facade.servlet.EntryPointServlet.handleException] Exception caught in Servlet
java.lang.NullPointerException: Cannot invoke "jakarta.security.jacc.PolicyConfiguration.getExcludedPermissions()" because the return value of "jakarta.security.jacc.PolicyConfigurationFactory.getPolicyConfiguration()" is null
	at org.glassfish.exousia.modules.def.DefaultPolicy.isExcluded(DefaultPolicy.java:50)
	at jakarta.security.jacc.Policy.implies(Policy.java:53)
	at org.glassfish.exousia.AuthorizationService.checkPermission(AuthorizationService.java:550)
	at org.glassfish.exousia.AuthorizationService.checkWebRoleRefPermission(AuthorizationService.java:463)
	at com.sun.enterprise.security.ee.authorization.WebAuthorizationManagerService.hasRoleRefPermission(WebAuthorizationManagerService.java:436)
	at com.sun.web.security.RealmAdapter.hasRole(RealmAdapter.java:1104)
	at org.apache.catalina.connector.Request.isUserInRole(Request.java:2772)
	at org.apache.catalina.connector.RequestFacade.isUserInRole(RequestFacade.java:814)
	at my.servlet.EntryPointServlet.processRequest(EntryPointServlet.java:334)
	at jakarta.servlet.http.HttpServlet.service(HttpServlet.java:653)
	at jakarta.servlet.http.HttpServlet.service(HttpServlet.java:723)
	at org.apache.catalina.core.StandardWrapper.service(StandardWrapper.java:1554)
	at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:259)
	at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:166)
	at org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:757)
	at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:577)
	at com.sun.enterprise.web.WebPipeline.invoke(WebPipeline.java:99)
	at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:158)
	at org.apache.catalina.connector.CoyoteAdapter.doService(CoyoteAdapter.java:366)

In the facade, we use a JDBCRealm to authenticate the user with request.login(user, password) and the checks the roles by invoking request.isUserInRole(...) and hit the NPE there.

We use payara-embedded-all with a programmatic deployment.

Expected Outcome

The request is authenticated and the roles can be checked.

Current Outcome

NullPointerException while calling request.isUserInRole.

Reproducer

Operating System

Linux Debian

JDK Version

OpenJDK 21

Payara Distribution

Payara Embedded All

Metadata

Metadata

Assignees

Labels

Status: AcceptedConfirmed defect or accepted improvement to implement, issue has been escalated to Platform DevType: BugLabel issue as a bug defect

Type

No type

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions