This is an automated email from the ASF dual-hosted git repository.
markt-asf pushed a commit to branch 9.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/9.0.x by this push:
new db352ebb2c Avoid potential NPEs. Identified by Coverity.
db352ebb2c is described below
commit db352ebb2c0cfc0c2b6de69a7a966118f09ca30e
Author: Mark Thomas <[email protected]>
AuthorDate: Fri May 8 14:15:37 2026 +0100
Avoid potential NPEs. Identified by Coverity.
---
java/org/apache/catalina/realm/LockOutRealm.java | 21 +++++++++++----------
1 file changed, 11 insertions(+), 10 deletions(-)
diff --git a/java/org/apache/catalina/realm/LockOutRealm.java
b/java/org/apache/catalina/realm/LockOutRealm.java
index e3209e677f..5b999a2d2b 100644
--- a/java/org/apache/catalina/realm/LockOutRealm.java
+++ b/java/org/apache/catalina/realm/LockOutRealm.java
@@ -220,9 +220,7 @@ public class LockOutRealm extends CombinedRealm {
* @return true if the user is locked, false otherwise
*/
public boolean isLocked(String username) {
- if (!getCaseSensitive()) {
- username = username.toLowerCase(Locale.ROOT);
- }
+ username = normalizeUsername(username);
LockRecord lockRecord;
synchronized (this) {
lockRecord = failedUsers.get(username);
@@ -245,11 +243,8 @@ public class LockOutRealm extends CombinedRealm {
* After successful authentication, any record of previous authentication
failure is removed.
*/
private synchronized void registerAuthSuccess(String username) {
- if (!getCaseSensitive()) {
- username = username.toLowerCase(Locale.ROOT);
- }
// Successful authentication means removal from the list of failed
users
- failedUsers.remove(username);
+ failedUsers.remove(normalizeUsername(username));
}
@@ -257,9 +252,7 @@ public class LockOutRealm extends CombinedRealm {
* After a failed authentication, add the record of the failed
authentication.
*/
private void registerAuthFailure(String username) {
- if (!getCaseSensitive()) {
- username = username.toLowerCase(Locale.ROOT);
- }
+ username = normalizeUsername(username);
LockRecord lockRecord;
synchronized (this) {
if (!failedUsers.containsKey(username)) {
@@ -381,6 +374,14 @@ public class LockOutRealm extends CombinedRealm {
}
+ private String normalizeUsername(String username) {
+ if (username != null && !getCaseSensitive()) {
+ return username.toLowerCase(Locale.ROOT);
+ }
+ return username;
+ }
+
+
/**
* Internal record to track lock state for a user.
*/
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
