You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@shiro.apache.org by "Csaba Nemeth (JIRA)" <ji...@apache.org> on 2009/01/29 23:15:59 UTC
[jira] Created: (JSEC-51) SimpleAccountRealm fails with NPE
SimpleAccountRealm fails with NPE
---------------------------------
Key: JSEC-51
URL: https://issues.apache.org/jira/browse/JSEC-51
Project: JSecurity
Issue Type: Bug
Components: Authentication (log-in)
Affects Versions: 1.0
Environment: java 1.6 standalone
Reporter: Csaba Nemeth
Testing a simple example based on the Quickstart.java, using DefaultSecurityManager and PropertiesRealm with default user properties would successfully login users listed in the properties file, but fails with NPE on invalid usernames.
I get NPE from SimpleAccountRealm.doGetAuthenticationInfo(AuthenticationToken token) method at this location:
if (account.isLocked()) {
throw new LockedAccountException("Account [" + account + "] is locked.");
}
The variable account is null - as so it should be since it is not in the authorizationCache. I was testing for the behaviour when unknown users are trying to login.
Seemingly a null test and return null would fix this issue, as the caller AuthenticationRealm.getAuthenticationInfo(AuthenticationToken token) handles null return values.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Updated: (JSEC-51) SimpleAccountRealm fails with NPE
Posted by "Les Hazlewood (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/JSEC-51?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Les Hazlewood updated JSEC-51:
------------------------------
Fix Version/s: 1.0
> SimpleAccountRealm fails with NPE
> ---------------------------------
>
> Key: JSEC-51
> URL: https://issues.apache.org/jira/browse/JSEC-51
> Project: JSecurity
> Issue Type: Bug
> Components: Authentication (log-in)
> Affects Versions: 1.0
> Environment: java 1.6 standalone
> Reporter: Csaba Nemeth
> Fix For: 1.0
>
>
> Testing a simple example based on the Quickstart.java, using DefaultSecurityManager and PropertiesRealm with default user properties would successfully login users listed in the properties file, but fails with NPE on invalid usernames.
> I get NPE from SimpleAccountRealm.doGetAuthenticationInfo(AuthenticationToken token) method at this location:
> if (account.isLocked()) {
> throw new LockedAccountException("Account [" + account + "] is locked.");
> }
> The variable account is null - as so it should be since it is not in the authorizationCache. I was testing for the behaviour when unknown users are trying to login.
> Seemingly a null test and return null would fix this issue, as the caller AuthenticationRealm.getAuthenticationInfo(AuthenticationToken token) handles null return values.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Moved: (KI-9) SimpleAccountRealm fails with NPE
Posted by "Alan Cabrera (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/KI-9?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Alan Cabrera moved JSEC-51 to KI-9:
-----------------------------------
Fix Version/s: (was: 1.0)
Component/s: (was: Authentication (log-in))
Affects Version/s: (was: 1.0)
Key: KI-9 (was: JSEC-51)
Project: Ki (was: JSecurity)
> SimpleAccountRealm fails with NPE
> ---------------------------------
>
> Key: KI-9
> URL: https://issues.apache.org/jira/browse/KI-9
> Project: Ki
> Issue Type: Bug
> Environment: java 1.6 standalone
> Reporter: Csaba Nemeth
> Assignee: Jeremy Haile
>
> Testing a simple example based on the Quickstart.java, using DefaultSecurityManager and PropertiesRealm with default user properties would successfully login users listed in the properties file, but fails with NPE on invalid usernames.
> I get NPE from SimpleAccountRealm.doGetAuthenticationInfo(AuthenticationToken token) method at this location:
> if (account.isLocked()) {
> throw new LockedAccountException("Account [" + account + "] is locked.");
> }
> The variable account is null - as so it should be since it is not in the authorizationCache. I was testing for the behaviour when unknown users are trying to login.
> Seemingly a null test and return null would fix this issue, as the caller AuthenticationRealm.getAuthenticationInfo(AuthenticationToken token) handles null return values.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Resolved: (JSEC-51) SimpleAccountRealm fails with NPE
Posted by "Jeremy Haile (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/JSEC-51?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Jeremy Haile resolved JSEC-51.
------------------------------
Resolution: Fixed
Assignee: Jeremy Haile
> SimpleAccountRealm fails with NPE
> ---------------------------------
>
> Key: JSEC-51
> URL: https://issues.apache.org/jira/browse/JSEC-51
> Project: JSecurity
> Issue Type: Bug
> Components: Authentication (log-in)
> Affects Versions: 1.0
> Environment: java 1.6 standalone
> Reporter: Csaba Nemeth
> Assignee: Jeremy Haile
> Fix For: 1.0
>
>
> Testing a simple example based on the Quickstart.java, using DefaultSecurityManager and PropertiesRealm with default user properties would successfully login users listed in the properties file, but fails with NPE on invalid usernames.
> I get NPE from SimpleAccountRealm.doGetAuthenticationInfo(AuthenticationToken token) method at this location:
> if (account.isLocked()) {
> throw new LockedAccountException("Account [" + account + "] is locked.");
> }
> The variable account is null - as so it should be since it is not in the authorizationCache. I was testing for the behaviour when unknown users are trying to login.
> Seemingly a null test and return null would fix this issue, as the caller AuthenticationRealm.getAuthenticationInfo(AuthenticationToken token) handles null return values.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.