NullReferenceException "Object reference not set to an instance of an object." When using API Keys with concurrent requests
Activity

Mike Sheen, 11 February 2023 at 03:51
Passed testing.

Mike Sheen, 8 February 2023 at 02:49 (edited)
Re-posting the changes made summary so it’s at the top and doesn’t get lost - this DEV issue is linked by the release notes page and it is important this information is not buried.
Changes made:
1. Modified Manager to implement IDisposable - so using a using statement when creating a manager will log off its SQL connection and clean itself up. So the REST API plugin version 7.2.1.33 or later requires 7.2.1 SR15 or later.
2. Modified all services which were using GetManager() extension method to use a using statement.
3. Modified GetManager() extension to create a manager and logon instead of retrieving from a static collection. This means requests which required a manager in their service will perform a logon at the time of the request, instead of trying to keep a manager per session.
4. Modified credentials and API Key auth to generate a HashSet of permissions and store that in the session. A global request filter examines this HashSet to see if the authenticated user has permission for the request - this works for AutoQuery requests as well.
5. Extended the session object by re-introducing JiwaAuthUserSession which inherits the ServiceStack session. This object adds a couple of new fields: APIKey_Type, APIKey_PrincipalID, CredentialsPassword, StaffID and AllowedRoutePermissions
6. Debtor API Key request filters and responses now look at the JiwaAuthUserSession properties APIKey_Type and APIKey_PrincipalID to perform their function of restricting requests and responses.
7. Removed all references to jiwa-stateful - stateful requests are no longer implemented or supported.
Changes required by 3rd party plugins which add custom routes:
if they used this line in their service code:
they should now wrap their code in using which gets the Manager from the Request:

Mike Sheen, 8 February 2023 at 02:49 (edited)
This is now fixed
What Stuart is referring to here is the Jiwa Staff ID is now a property of the session information.
Modified Point 5. of the change summary to reflect this:
Extended the session object by re-introducing JiwaAuthUserSession which inherits the ServiceStack session. This object adds a couple of new fields: APIKey_Type, APIKey_PrincipalID, CredentialsPassword, StaffID and AllowedRoutePermissions
So, /Staff/Current and /Staff/Current/List both return the Jiwa Staff ID in the response, as does /sessions (if debug mode is enabled).
Example response from /sessions:

Stuart Barnes, 8 February 2023 at 02:00
This is now fixed

Stuart Barnes, 25 January 2023 at 01:55
This has been failed because we are adding the staff id to be stored in the session at login; getting the current user will be fixed at the same time.
Details
Assignee: Scott Pearce
Reporter: Mike Sheen
Priority: High

Description
If using an API Key, sometimes if one request is serviced before another with the same key has finished, you may get this error.
The following C# console application will quickly replicate the issue - this can be replicated on demo data - just create an API key for the Admin staff member, and then configure and start the service.
Disable all plugins except the REST API plugin.
Then start the app - error occurs within a minute or two with my testing.
Error text indicates it is related to the CustomFieldCollection.Read()
However, in my tests I had disabled all plugins except the REST API, so no custom fields were enabled.
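
The pattern behind this report and behind changes 1 to 3 of the summary, as an added C# sketch that is not Jiwa's or the REST API plugin's code. It assumes the error came from one manager instance being reused by concurrent requests that share an API key; `DemoManager`, `ReadFields` and the key string are hypothetical stand-ins.

```csharp
// Added illustration, not Jiwa or ServiceStack code. DemoManager is a hypothetical
// stand-in for a manager that holds per-logon state and is not thread-safe.
using System;
using System.Collections.Concurrent;
using System.Collections.Generic;
using System.Threading;
using System.Threading.Tasks;

// Old pattern (assumed): one manager cached per API key in a static collection,
// so every concurrent request with that key touches the same instance.
var cache = new ConcurrentDictionary<string, DemoManager>();
int shared = CountFailures(() =>
    cache.GetOrAdd("constructed-api-key", _ => new DemoManager()).ReadFields());

// New pattern from the change summary: create and log on per request, dispose after.
int perRequest = CountFailures(() =>
{
    using var manager = new DemoManager();
    manager.ReadFields();
});

Console.WriteLine($"shared manager failures:      {shared}");
Console.WriteLine($"per-request manager failures: {perRequest}");

// Simulates 500 overlapping requests and counts NullReferenceExceptions.
static int CountFailures(Action request)
{
    int failures = 0;
    Parallel.For(0, 500, _ =>
    {
        try { request(); }
        catch (NullReferenceException) { Interlocked.Increment(ref failures); }
    });
    return failures;
}

sealed class DemoManager : IDisposable
{
    private List<string> _fields;             // instance state, rebuilt on every read

    public int ReadFields()
    {
        _fields = null;                       // reset before reload
        Thread.SpinWait(2000);                // stands in for the database round trip
        _fields = new List<string> { "constructed-field" };
        Thread.SpinWait(2000);
        return _fields.Count;                 // null if another request reset it meanwhile
    }

    public void Dispose() => _fields = null;  // stands in for logging off the SQL connection
}
```

The shared count varies from run to run because it depends on thread timing, while the per-request count stays at zero because no instance is visible to more than one request.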