You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by ma...@apache.org on 2014/03/12 15:52:10 UTC

svn commit: r1576768 - in /tomcat/trunk: java/org/apache/catalina/realm/MemoryRealm.java test/org/apache/catalina/realm/TestMemoryRealm.java webapps/docs/changelog.xml

Author: markt
Date: Wed Mar 12 14:52:09 2014
New Revision: 1576768

URL: http://svn.apache.org/r1576768
Log:
Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=56246
Fix NullPointerException in MemoryRealm when authenticating an unknown user.

Added:
    tomcat/trunk/test/org/apache/catalina/realm/TestMemoryRealm.java   (with props)
Modified:
    tomcat/trunk/java/org/apache/catalina/realm/MemoryRealm.java
    tomcat/trunk/webapps/docs/changelog.xml

Modified: tomcat/trunk/java/org/apache/catalina/realm/MemoryRealm.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/realm/MemoryRealm.java?rev=1576768&r1=1576767&r2=1576768&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/catalina/realm/MemoryRealm.java (original)
+++ tomcat/trunk/java/org/apache/catalina/realm/MemoryRealm.java Wed Mar 12 14:52:09 2014
@@ -113,7 +113,12 @@ public class MemoryRealm  extends RealmB
 
         GenericPrincipal principal = principals.get(username);
 
-        boolean validated = compareCredentials(credentials, principal.getPassword());
+        boolean validated;
+        if (principal == null) {
+            validated = false;
+        } else {
+            validated = compareCredentials(credentials, principal.getPassword());
+        }
 
         if (validated) {
             if (log.isDebugEnabled())

Added: tomcat/trunk/test/org/apache/catalina/realm/TestMemoryRealm.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/test/org/apache/catalina/realm/TestMemoryRealm.java?rev=1576768&view=auto
==============================================================================
--- tomcat/trunk/test/org/apache/catalina/realm/TestMemoryRealm.java (added)
+++ tomcat/trunk/test/org/apache/catalina/realm/TestMemoryRealm.java Wed Mar 12 14:52:09 2014
@@ -0,0 +1,37 @@
+/*
+* Licensed to the Apache Software Foundation (ASF) under one or more
+* contributor license agreements.  See the NOTICE file distributed with
+* this work for additional information regarding copyright ownership.
+* The ASF licenses this file to You under the Apache License, Version 2.0
+* (the "License"); you may not use this file except in compliance with
+* the License.  You may obtain a copy of the License at
+*
+*     http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
+package org.apache.catalina.realm;
+
+import java.security.Principal;
+
+import org.junit.Assert;
+import org.junit.Test;
+
+public class TestMemoryRealm {
+
+    /**
+     * Unknown user triggers NPE.
+     */
+    @Test
+    public void testBug56246() {
+        MemoryRealm memoryRealm = new MemoryRealm();
+
+        Principal p = memoryRealm.authenticate("foo", "bar");
+
+        Assert.assertNull(p);
+    }
+}

Propchange: tomcat/trunk/test/org/apache/catalina/realm/TestMemoryRealm.java
------------------------------------------------------------------------------
    svn:eol-style = native

Modified: tomcat/trunk/webapps/docs/changelog.xml
URL: http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/changelog.xml?rev=1576768&r1=1576767&r2=1576768&view=diff
==============================================================================
--- tomcat/trunk/webapps/docs/changelog.xml (original)
+++ tomcat/trunk/webapps/docs/changelog.xml Wed Mar 12 14:52:09 2014
@@ -108,6 +108,10 @@
         Add methods of get the idle time from last client access time to
         <code>org.apache.catalina.Session</code>. (kfujino)
       </add>
+      <fix>
+        <bug>56246</bug>: Fix NullPointerException in MemoryRealm when
+        authenticating an unknown user. (markt)
+      </fix>
     </changelog>
   </subsection>
   <subsection name="Coyote">



---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org