You are viewing a plain text version of this content. The canonical link for it is here.

Posted to user@shiro.apache.org by Valentin Erastov <xi...@gmail.com> on 2009/07/14 06:26:20 UTC

SimpleAccountRealm.doGetAuthenticationInfo and NullPointerException

Hello,
Problem in JSecurity 0.9

I use PropertiesRealm, wich configure in web.xml

[main]
cacheManager = org.jsecurity.cache.HashtableCacheManager
realm = org.jsecurity.realm.text.PropertiesRealm
realm.resourcePath = classpath:users.properties
realm.cacheManager = $cacheManager

securityManager = org.jsecurity.web.DefaultWebSecurityManager
securityManager.realm = $realm

[filters]
jsecurity.loginUrl = /jsec/login

[urls]
/jsec/login = authc

/account/** = authc
/remoting/** = authc, roles[b2bClient], perms[remote:invoke:"lan,wan"]

When I try login with non existing username, I get NullPointerException at
org.jsecurity.realm.SimpleAccountRealm.doGetAuthenticationInfo(SimpleAccountRealm.java:143)


Problem in this place

SimpleAccount account = (SimpleAccount)
getAuthorizationCache().get(upToken.getUsername());

if (account.isLocked()) {....


Why no check to null for account and throw UnknownAccountException?


SimpleAccount account = (SimpleAccount)
getAuthorizationCache().get(upToken.getUsername());

if (account == null) {
  throw new UnknownAccountException();
}

if (account.isLocked()) {....