You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@fineract.apache.org by "Michael Vorburger (Jira)" <ji...@apache.org> on 2020/09/10 20:53:00 UTC

[jira] [Created] (FINERACT-1146) NPE at String.replace() at TenantAwareBasicAuthenticationFilter

Michael Vorburger created FINERACT-1146:
-------------------------------------------

             Summary: NPE at String.replace() at TenantAwareBasicAuthenticationFilter
                 Key: FINERACT-1146
                 URL: https://issues.apache.org/jira/browse/FINERACT-1146
             Project: Apache Fineract
          Issue Type: Bug
          Components: Security
            Reporter: Michael Vorburger


While exploring FINERACT-1145 for FINERACT-726, I've found that invoking {{/fineract-provider/api/oauth/token}} without {{{{-Psecurity=oauth}}}} causes an HTTP 500 Internal Server Error due to:

{noformat}SEVERE: Servlet.service() for servlet [dispatcherServlet] in context with path [/fineract-provider] 
threw exception 
java.lang.NullPointerException 
 at java.base/java.lang.String.replace(String.java:2142) 
 at org.apache.fineract.infrastructure.security.filter.TenantAwareBasicAuthenticationFilter.doFilterInternal(TenantAwareBasicAuthenticationFilter.java:131)
 at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119){noformat}

Perhaps we could handle this more gracefully and return a better error (400-ish?) to the client.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)