```java
// Yes, enabled, check for concurrent login attempt
Authentication authentication = event.getAuthentication();
String name = getUserName(authentication);
if (name == null) {
    LOGGER.warning(
            "Brute force attack prevention enabled, but Spring Authentication "
                    + "does not provide a user name, skipping: "
                    + authentication);
}

// do we have a delayed login in flight already? If so, kill this login attempt
// no matter if successful or not
final AtomicInteger counter = delayedUsers.get(name);
```

If the username is null, the log message says to skip doing anything for this authentication, but the BruteForceListener goes on anyway, resulting in a NullPointerException thrown from the attempt to look up the username in the 'delayedUsers' ConcurrentHashMap. Better to put an 'else' statement after the 'if (name == null)' block, I assume.