This is an automated email from the ASF dual-hosted git repository.
markt-asf pushed a commit to branch 11.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/11.0.x by this push:
new e4de129bb4 Avoid potential NPEs. Identified by Coverity.
e4de129bb4 is described below
commit e4de129bb4d701a9533ad7048d855cb5102b6698
Author: Mark Thomas <[email protected]>
AuthorDate: Fri May 8 14:15:37 2026 +0100
Avoid potential NPEs. Identified by Coverity.
---
java/org/apache/catalina/realm/LockOutRealm.java | 21 +++++++++++----------
1 file changed, 11 insertions(+), 10 deletions(-)
diff --git a/java/org/apache/catalina/realm/LockOutRealm.java
b/java/org/apache/catalina/realm/LockOutRealm.java
index e23c4fac7e..e019a9c643 100644
--- a/java/org/apache/catalina/realm/LockOutRealm.java
+++ b/java/org/apache/catalina/realm/LockOutRealm.java
@@ -222,9 +222,7 @@ public class LockOutRealm extends CombinedRealm {
* @return true if the user is locked, false otherwise
*/
public boolean isLocked(String username) {
- if (!getCaseSensitive()) {
- username = username.toLowerCase(Locale.ROOT);
- }
+ username = normalizeUsername(username);
LockRecord lockRecord;
synchronized (this) {
lockRecord = failedUsers.get(username);
@@ -247,11 +245,8 @@ public class LockOutRealm extends CombinedRealm {
* After successful authentication, any record of previous authentication
failure is removed.
*/
private synchronized void registerAuthSuccess(String username) {
- if (!getCaseSensitive()) {
- username = username.toLowerCase(Locale.ROOT);
- }
// Successful authentication means removal from the list of failed
users
- failedUsers.remove(username);
+ failedUsers.remove(normalizeUsername(username));
}
@@ -259,9 +254,7 @@ public class LockOutRealm extends CombinedRealm {
* After a failed authentication, add the record of the failed
authentication.
*/
private void registerAuthFailure(String username) {
- if (!getCaseSensitive()) {
- username = username.toLowerCase(Locale.ROOT);
- }
+ username = normalizeUsername(username);
LockRecord lockRecord;
synchronized (this) {
if (!failedUsers.containsKey(username)) {
@@ -383,6 +376,14 @@ public class LockOutRealm extends CombinedRealm {
}
+ private String normalizeUsername(String username) {
+ if (username != null && !getCaseSensitive()) {
+ return username.toLowerCase(Locale.ROOT);
+ }
+ return username;
+ }
+
+
/**
* Internal record to track lock state for a user.
*/
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
