Posted to dev@tomcat.apache.org by ma...@apache.org on 2014/03/12 15:52:10 UTC
svn commit: r1576768 - in /tomcat/trunk:
java/org/apache/catalina/realm/MemoryRealm.java
test/org/apache/catalina/realm/TestMemoryRealm.java
webapps/docs/changelog.xml
Author: markt
Date: Wed Mar 12 14:52:09 2014
New Revision: 1576768
URL: http://svn.apache.org/r1576768
Log:
Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=56246
Fix NullPointerException in MemoryRealm when authenticating an unknown user.
Added:
tomcat/trunk/test/org/apache/catalina/realm/TestMemoryRealm.java (with props)
Modified:
tomcat/trunk/java/org/apache/catalina/realm/MemoryRealm.java
tomcat/trunk/webapps/docs/changelog.xml
Modified: tomcat/trunk/java/org/apache/catalina/realm/MemoryRealm.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/realm/MemoryRealm.java?rev=1576768&r1=1576767&r2=1576768&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/catalina/realm/MemoryRealm.java (original)
+++ tomcat/trunk/java/org/apache/catalina/realm/MemoryRealm.java Wed Mar 12 14:52:09 2014
@@ -113,7 +113,12 @@ public class MemoryRealm extends RealmB
GenericPrincipal principal = principals.get(username);
- boolean validated = compareCredentials(credentials, principal.getPassword());
+ boolean validated;
+ if (principal == null) {
+ validated = false;
+ } else {
+ validated = compareCredentials(credentials, principal.getPassword());
+ }
if (validated) {
if (log.isDebugEnabled())
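Review bot: In the new `principal == null` branch, `compareCredentials` is skipped entirely, so a rejected login for an unknown username does less work than a rejected login for a known username with a wrong password. If the comparison digests the supplied credentials (its body is not visible here), that difference in response time can reveal which usernames exist. Consider still performing the comparison against a fixed dummy stored value in that branch and ignoring its result, documented with a comment such as `// Unknown user: do the same comparison work so timing does not reveal whether the name exists`. The enclosing authenticate method starts and ends outside this hunk.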
Added: tomcat/trunk/test/org/apache/catalina/realm/TestMemoryRealm.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/test/org/apache/catalina/realm/TestMemoryRealm.java?rev=1576768&view=auto
==============================================================================
--- tomcat/trunk/test/org/apache/catalina/realm/TestMemoryRealm.java (added)
+++ tomcat/trunk/test/org/apache/catalina/realm/TestMemoryRealm.java Wed Mar 12 14:52:09 2014
@@ -0,0 +1,37 @@
+/*
+* Licensed to the Apache Software Foundation (ASF) under one or more
+* contributor license agreements. See the NOTICE file distributed with
+* this work for additional information regarding copyright ownership.
+* The ASF licenses this file to You under the Apache License, Version 2.0
+* (the "License"); you may not use this file except in compliance with
+* the License. You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
+package org.apache.catalina.realm;
+
+import java.security.Principal;
+
+import org.junit.Assert;
+import org.junit.Test;
+
+public class TestMemoryRealm {
+
+ /**
+ * Unknown user triggers NPE.
+ */
+ @Test
+ public void testBug56246() {
+ MemoryRealm memoryRealm = new MemoryRealm();
+
+ Principal p = memoryRealm.authenticate("foo", "bar");
+
+ Assert.assertNull(p);
+ }
+}
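Review bot: The Javadoc on `testBug56246` (`Unknown user triggers NPE.`) describes the old failure rather than the behaviour the test now asserts; something like `Authenticating an unknown user must return null rather than throw a NullPointerException (bug 56246).` would read correctly after the fix. The test also runs against a freshly constructed `MemoryRealm` with no users loaded, so it only covers a lookup in an empty realm. A second case with a populated realm (an unknown name, and a known name with a wrong password, both expected to return null) would guard the rejection path more fully.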
Propchange: tomcat/trunk/test/org/apache/catalina/realm/TestMemoryRealm.java
------------------------------------------------------------------------------
svn:eol-style = native
Modified: tomcat/trunk/webapps/docs/changelog.xml
URL: http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/changelog.xml?rev=1576768&r1=1576767&r2=1576768&view=diff
==============================================================================
--- tomcat/trunk/webapps/docs/changelog.xml (original)
+++ tomcat/trunk/webapps/docs/changelog.xml Wed Mar 12 14:52:09 2014
@@ -108,6 +108,10 @@
Add methods of get the idle time from last client access time to
<code>org.apache.catalina.Session</code>. (kfujino)
</add>
+ <fix>
+ <bug>56246</bug>: Fix NullPointerException in MemoryRealm when
+ authenticating an unknown user. (markt)
+ </fix>
</changelog>
</subsection>
<subsection name="Coyote">