[ https://issues.apache.org/jira/browse/SHIRO-661?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Francois Papon resolved SHIRO-661.
----------------------------------
    Resolution: Fixed

> Add check for the principal of subject whether is null
> ------------------------------------------------------
>
>                 Key: SHIRO-661
>                 URL: https://issues.apache.org/jira/browse/SHIRO-661
>             Project: Shiro
>          Issue Type: Bug
>          Components: Web
>            Reporter: Francois Papon
>            Assignee: Francois Papon
>            Priority: Major
>             Fix For: 1.5.0
>
>          Time Spent: 1h 20m
>  Remaining Estimate: 0h
>
> When the session is based on the servlet container (such as Tomcat), if the subject is 
> authenticated, the session will contain {{AUTHENTICATED_SESSION_KEY}} and 
> {{PRINCIPALS_SESSION_KEY}}.
>  When the servlet container is closed, it may persist the session.
>  But if the principal is not serializable, it will not be persisted; when the 
> server restarts, the session will only contain the {{AUTHENTICATED_SESSION_KEY}} info, 
> and the {{PRINCIPALS_SESSION_KEY}} will be lost.
>  It means the subject is authenticated, but the subject does not have a 
> principal. If the user code is
> {code:java}
> User u = (User) subject.getPrincipal(); 
> // because u is null, this throws a NullPointerException 
> u.getName();{code}
>  



--
This message was sent by Atlassian Jira
(v8.3.4#803005)
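
The failure mode described in the issue, as an added example that is not Shiro's or Tomcat's code and not the project's fix: a session is persisted with only its serializable attributes, so the authenticated flag survives a restart while the principal does not. The `User` class, the string key values, the `persist`/`restore` helpers and the `isAuthenticated` guard are all assumptions made for illustration.

```java
import java.io.*;
import java.util.*;
// Added illustration; not Apache Shiro or Tomcat code. Key names mirror the issue text.
public class PrincipalLossDemo {
    static final String AUTHENTICATED_SESSION_KEY = "AUTHENTICATED_SESSION_KEY"; // stand-in value
    static final String PRINCIPALS_SESSION_KEY = "PRINCIPALS_SESSION_KEY";       // stand-in value

    // Constructed principal type that does NOT implement Serializable.
    static class User { final String name; User(String name) { this.name = name; } }

    // Models a container persisting a session at shutdown: attributes that are
    // not Serializable are skipped (assumed behaviour, as the issue describes).
    static byte[] persist(Map<String, Object> session) throws IOException {
        HashMap<String, Serializable> kept = new HashMap<>();
        for (Map.Entry<String, Object> e : session.entrySet()) {
            if (e.getValue() instanceof Serializable) {
                kept.put(e.getKey(), (Serializable) e.getValue());
            }
        }
        ByteArrayOutputStream buf = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(buf)) {
            out.writeObject(kept);
        }
        return buf.toByteArray();
    }

    @SuppressWarnings("unchecked")
    static Map<String, Object> restore(byte[] data) throws IOException, ClassNotFoundException {
        try (ObjectInputStream in = new ObjectInputStream(new ByteArrayInputStream(data))) {
            return new HashMap<>((Map<String, Object>) in.readObject());
        }
    }

    // Guard: the authenticated flag counts only when a principal is present too.
    static boolean isAuthenticated(Map<String, Object> session) {
        return Boolean.TRUE.equals(session.get(AUTHENTICATED_SESSION_KEY))
                && session.get(PRINCIPALS_SESSION_KEY) != null;
    }

    public static void main(String[] args) throws Exception {
        Map<String, Object> session = new HashMap<>();
        session.put(AUTHENTICATED_SESSION_KEY, Boolean.TRUE);
        session.put(PRINCIPALS_SESSION_KEY, new User("alice")); // constructed sample principal
        Map<String, Object> afterRestart = restore(persist(session));
        System.out.println("flag survived:      " + afterRestart.get(AUTHENTICATED_SESSION_KEY));
        System.out.println("principal survived: " + afterRestart.containsKey(PRINCIPALS_SESSION_KEY));
        System.out.println("guarded result:     " + isAuthenticated(afterRestart));
    }
}
```

Making the principal type implement `Serializable` removes the mismatch at its source; the guard covers sessions that were already persisted without it.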
