You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@fineract.apache.org by "Michael Vorburger (Jira)" <ji...@apache.org> on 2020/09/10 20:53:00 UTC
[jira] [Created] (FINERACT-1146) NPE at String.replace() at
TenantAwareBasicAuthenticationFilter
Michael Vorburger created FINERACT-1146:
-------------------------------------------
Summary: NPE at String.replace() at TenantAwareBasicAuthenticationFilter
Key: FINERACT-1146
URL: https://issues.apache.org/jira/browse/FINERACT-1146
Project: Apache Fineract
Issue Type: Bug
Components: Security
Reporter: Michael Vorburger
While exploring FINERACT-1145 for FINERACT-726, I've found that invoking {{/fineract-provider/api/oauth/token}} without {{{{-Psecurity=oauth}}}} causes an HTTP 500 Internal Server Error due to:
{noformat}SEVERE: Servlet.service() for servlet [dispatcherServlet] in context with path [/fineract-provider]
threw exception
java.lang.NullPointerException
at java.base/java.lang.String.replace(String.java:2142)
at org.apache.fineract.infrastructure.security.filter.TenantAwareBasicAuthenticationFilter.doFilterInternal(TenantAwareBasicAuthenticationFilter.java:131)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119){noformat}
Perhaps we could handle this more gracefully and return a better error (400-ish?) to the client.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)