Posted to dev@shiro.apache.org by "Brian Demers (JIRA)" <ji...@apache.org> on 2016/07/07 19:44:11 UTC

[jira] [Resolved] (SHIRO-546) DefaultWebSessionManager onStart might produce nullPointer Exception

     [ https://issues.apache.org/jira/browse/SHIRO-546?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Brian Demers resolved SHIRO-546.
--------------------------------
       Resolution: Cannot Reproduce
    Fix Version/s:     (was: 1.3.0)

I was trying to write a test for this, and I cannot see a case where the request would be null; WebUtils.isHttp(context) checks for this.

Also, if the request is null, I'm guessing there would be issues with the cookie storage as well.

Can you provide an example or a test case that can reproduce this?

> DefaultWebSessionManager onStart might produce nullPointer Exception
> --------------------------------------------------------------------
>
>                 Key: SHIRO-546
>                 URL: https://issues.apache.org/jira/browse/SHIRO-546
>             Project: Shiro
>          Issue Type: Bug
>          Components: Session Management
>    Affects Versions: 1.2.4
>            Reporter: Ariel Isaac
>              Labels: easyfix, newbie, patch
>   Original Estimate: 25m
>  Remaining Estimate: 25m
>
> In DefaultWebSessionManager#onStart(), when you get the HttpServletRequest it might be null and throw a null pointer exception, so it might need a little validation
> from
> {code}
>     @Override
>     protected void onStart(Session session, SessionContext context) {
>         super.onStart(session, context);
>         if (!WebUtils.isHttp(context)) {
>             log.debug("SessionContext argument is not HTTP compatible or does not have an HTTP request/response " +
>                     "pair. No session ID cookie will be set.");
>             return;
>         }
>         HttpServletRequest request = WebUtils.getHttpRequest(context);
>         HttpServletResponse response = WebUtils.getHttpResponse(context);
>         if (isSessionIdCookieEnabled()) {
>             Serializable sessionId = session.getId();
>             storeSessionId(sessionId, request, response);
>         } else {
>             log.debug("Session ID cookie is disabled.  No cookie has been set for new session with id {}", session.getId());
>         }
>         request.removeAttribute(ShiroHttpServletRequest.REFERENCED_SESSION_ID_SOURCE);
>         request.setAttribute(ShiroHttpServletRequest.REFERENCED_SESSION_IS_NEW, Boolean.TRUE);
>     }
> {code}
> to 
> {code}
>     @Override
>     protected void onStart(Session session, SessionContext context) {
>         super.onStart(session, context);
>         if (!WebUtils.isHttp(context)) {
>             log.debug("SessionContext argument is not HTTP compatible or does not have an HTTP request/response " +
>                     "pair. No session ID cookie will be set.");
>             return;
>         }
>         HttpServletRequest request = WebUtils.getHttpRequest(context);
>         HttpServletResponse response = WebUtils.getHttpResponse(context);
>         if (isSessionIdCookieEnabled()) {
>             Serializable sessionId = session.getId();
>             storeSessionId(sessionId, request, response);
>         } else {
>             log.debug("Session ID cookie is disabled.  No cookie has been set for new session with id {}", session.getId());
>         }
>         if (request != null) {
>             request.removeAttribute(ShiroHttpServletRequest.REFERENCED_SESSION_ID_SOURCE);
>             request.setAttribute(ShiroHttpServletRequest.REFERENCED_SESSION_IS_NEW, Boolean.TRUE);
>         }
>     }
> {code}


