SimpleAccountRealm fails with NPE
---------------------------------
Key: JSEC-51
URL: https://issues.apache.org/jira/browse/JSEC-51
Project: JSecurity
Issue Type: Bug
Components: Authentication (log-in)
Affects Versions: 1.0
Environment: java 1.6 standalone
Reporter: Csaba Nemeth
Testing a simple example based on the Quickstart.java, using
DefaultSecurityManager and PropertiesRealm with default user properties would
successfully login users listed in the properties file, but fails with NPE on
invalid usernames.
I get NPE from SimpleAccountRealm.doGetAuthenticationInfo(AuthenticationToken
token) method at this location:
if (account.isLocked()) {
throw new LockedAccountException("Account [" + account + "] is
locked.");
}
The variable account is null - as so it should be since it is not in the
authorizationCache. I was testing for the behaviour when unknown users are
trying to login.
Seemingly a null test and return null would fix this issue, as the caller
AuthenticationRealm.getAuthenticationInfo(AuthenticationToken token) handles
null return values.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
