[
https://issues.apache.org/struts/browse/WW-3150?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=46336#action_46336
]
James Peltzer commented on WW-3150:
-----------------------------------
Thanks for the quick fix.
Unfortunately, there is another area in the TokenSessionStoreInterceptor.java
used right after the call to getToken that assumes the token name is non-null.
I had to also add a null check there to prevent the NPE.
String tokenName = TokenHelper.getTokenName();
String token = TokenHelper.getToken(tokenName);
Map params = ac.getParameters();
params.remove(tokenName); //ALSO NEEDS A NULL CHECK
> TokenSessionStoreInterceptor fails with NPE when no token is provided.
> ----------------------------------------------------------------------
>
> Key: WW-3150
> URL: https://issues.apache.org/struts/browse/WW-3150
> Project: Struts 2
> Issue Type: Bug
> Components: Core Interceptors
> Affects Versions: 2.1.6
> Environment: N/A
> Reporter: James Peltzer
> Assignee: Wes Wannemacher
> Fix For: 2.1.7
>
>
> TokenSessionStoreInterceptor fails when no token is provided.
> java.lang.NullPointerException at java.util.TreeMap.getEntry(Unknown Source)
> at java.util.TreeMap.get(Unknown Source) at
> org.apache.struts2.util.TokenHelper.getToken(TokenHelper.java:101) at
> org.apache.struts2.interceptor.TokenSessionStoreInterceptor.handleInvalidToken(TokenSessionStoreInterceptor.java:117)
> at
> org.apache.struts2.interceptor.TokenInterceptor.doIntercept(TokenInterceptor.java:141)
> at
> com.opensymphony.xwork2.interceptor.MethodFilterInterceptor.intercept(MethodFilterInterceptor.java:87)
>
> ...
> It looks like it could be solved if the TokenHelper class checks to make sure
> it isn't trying to look up a null token name and just returns null
> immediately.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
