This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/main by this push:
new 0dc80cf43a Silence coverity scan warning re possible NPE.
0dc80cf43a is described below
commit 0dc80cf43ae603fc35e0a5cd53deeedf41280f6f
Author: Mark Thomas <[email protected]>
AuthorDate: Sun Jan 18 14:24:53 2026 +0000
Silence coverity scan warning re possible NPE.
If ssoId is not null then sso should not be null either but add check
just in case there is a strange configuration where this can happen.
---
java/org/apache/catalina/authenticator/AuthenticatorBase.java | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/java/org/apache/catalina/authenticator/AuthenticatorBase.java
b/java/org/apache/catalina/authenticator/AuthenticatorBase.java
index dd0a905ef0..bf778f73a6 100644
--- a/java/org/apache/catalina/authenticator/AuthenticatorBase.java
+++ b/java/org/apache/catalina/authenticator/AuthenticatorBase.java
@@ -941,7 +941,7 @@ public abstract class AuthenticatorBase extends ValveBase
implements Authenticat
// Check for a cached Principal. Most likely from SSO but could be
another component.
if (checkPrincipal) {
- if (ssoId != null && sso.getRequireReauthentication()) {
+ if (ssoId != null && sso != null &&
sso.getRequireReauthentication()) {
// There is a valid SSO session but SSO Valve won't have
cached the Principal.
sso.populateRequestFromSsoEntry(request, ssoId);
}
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
