Grant Gochnauer opened SPR-5135 and commented

http://forum.springframework.org/showthread.php?t=59618

I've run into a situation where accessing anything from a HttpServletRequest object in my session scoped bean throws an exception. This happens for example if I try to set an attribute on the request object or get a cookie with WebUtils.

I've found that the problem is easily reproducible when refreshing a page that uses a session scoped bean heavily. If I refresh the page every few seconds it seems to work for a while but eventually I'll still run into a problem where the HttpServletRequest object is "dead". The problem is bad because the only way for the application to recover is to restart the EAR. Requesting the page again just results in the same exception over and over.

The exception I am seeing is:
Caused by: java.lang.NullPointerException
at com.ibm.ws.webcontainer.srt.SRTServletRequest$SRTServletRequestHelper.access$1500(SRTServletRequest.java:2232)
at com.ibm.ws.webcontainer.srt.SRTServletRequest.parseParameters(SRTServletRequest.java:1420)
at com.ibm.ws.webcontainer.srt.SRTServletRequest.getParameter(SRTServletRequest.java:1090)
at javax.servlet.ServletRequestWrapper.getParameter(ServletRequestWrapper.java:203)
at org.springframework.security.wrapper.SavedRequestAwareWrapper.getParameter(SavedRequestAwareWrapper.java:261)

I've also tried removing Spring Security to reduce the variables in this problem but that had no effect.

My session scoped bean makes heavy use of:
@Autowired
private HttpServletRequest request;

Affects: 2.5.5