This is an automated email from the ASF dual-hosted git repository.

markt-asf pushed a commit to branch 10.1.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/10.1.x by this push:
     new 5722a7b9d7 Avoid potential NPEs. Identified by Coverity.
5722a7b9d7 is described below

commit 5722a7b9d714d90de093fe2ac371683fee406bc9
Author: Mark Thomas <[email protected]>
AuthorDate: Fri May 8 14:15:37 2026 +0100

    Avoid potential NPEs. Identified by Coverity.
---
 java/org/apache/catalina/realm/LockOutRealm.java | 21 +++++++++++----------
 1 file changed, 11 insertions(+), 10 deletions(-)

diff --git a/java/org/apache/catalina/realm/LockOutRealm.java 
b/java/org/apache/catalina/realm/LockOutRealm.java
index 71158bc217..547d0cc881 100644
--- a/java/org/apache/catalina/realm/LockOutRealm.java
+++ b/java/org/apache/catalina/realm/LockOutRealm.java
@@ -220,9 +220,7 @@ public class LockOutRealm extends CombinedRealm {
      * @return true if the user is locked, false otherwise
      */
     public boolean isLocked(String username) {
-        if (!getCaseSensitive()) {
-            username = username.toLowerCase(Locale.ROOT);
-        }
+        username = normalizeUsername(username);
         LockRecord lockRecord;
         synchronized (this) {
             lockRecord = failedUsers.get(username);
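Review bot: A null username now passes through `normalizeUsername` unchanged and is used as a map key in `failedUsers.get(username)` here, in `failedUsers.remove(...)` in registerAuthSuccess, and in `failedUsers.containsKey(username)` in registerAuthFailure. The type of `failedUsers` is not visible in this diff. If it permits null keys, the part of registerAuthFailure past the end of its hunk presumably records a failure under the null key, so all attempts without a user name would share one lockout record and take up a cache slot. If that is not intended, an explicit guard states the behaviour directly: `if (username == null) { return false; }` at the top of isLocked, and an early `return;` in the two register methods. isLocked's body continues outside the hunk.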
@@ -245,11 +243,8 @@ public class LockOutRealm extends CombinedRealm {
      * After successful authentication, any record of previous authentication 
failure is removed.
      */
     private synchronized void registerAuthSuccess(String username) {
-        if (!getCaseSensitive()) {
-            username = username.toLowerCase(Locale.ROOT);
-        }
         // Successful authentication means removal from the list of failed 
users
-        failedUsers.remove(username);
+        failedUsers.remove(normalizeUsername(username));
     }
 
 
@@ -257,9 +252,7 @@ public class LockOutRealm extends CombinedRealm {
      * After a failed authentication, add the record of the failed 
authentication.
      */
     private void registerAuthFailure(String username) {
-        if (!getCaseSensitive()) {
-            username = username.toLowerCase(Locale.ROOT);
-        }
+        username = normalizeUsername(username);
         LockRecord lockRecord;
         synchronized (this) {
             if (!failedUsers.containsKey(username)) {
@@ -381,6 +374,14 @@ public class LockOutRealm extends CombinedRealm {
     }
 
 
+    private String normalizeUsername(String username) {
+        if (username != null && !getCaseSensitive()) {
+            return username.toLowerCase(Locale.ROOT);
+        }
+        return username;
+    }
+
+
     /**
      * Internal record to track lock state for a user.
      */
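Review bot: `normalizeUsername` is added without Javadoc although the neighbouring methods have it, and its null handling is the reason for the commit. A short comment would tell callers that the result may still be null, for example `/** Lower-cases the user name with Locale.ROOT unless the realm is case sensitive; a null user name is returned unchanged. */`. Callers then know they must either check for null or be sure that a null key is acceptable to `failedUsers`.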

