[
https://issues.apache.org/jira/browse/JSEC-51?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Les Hazlewood updated JSEC-51:
------------------------------
Fix Version/s: 1.0
> SimpleAccountRealm fails with NPE
> ---------------------------------
>
> Key: JSEC-51
> URL: https://issues.apache.org/jira/browse/JSEC-51
> Project: JSecurity
> Issue Type: Bug
> Components: Authentication (log-in)
> Affects Versions: 1.0
> Environment: java 1.6 standalone
> Reporter: Csaba Nemeth
> Fix For: 1.0
>
>
> Testing a simple example based on the Quickstart.java, using
> DefaultSecurityManager and PropertiesRealm with default user properties would
> successfully login users listed in the properties file, but fails with NPE on
> invalid usernames.
> I get NPE from SimpleAccountRealm.doGetAuthenticationInfo(AuthenticationToken
> token) method at this location:
> if (account.isLocked()) {
> throw new LockedAccountException("Account [" + account + "] is
> locked.");
> }
> The variable account is null - as so it should be since it is not in the
> authorizationCache. I was testing for the behaviour when unknown users are
> trying to login.
> Seemingly a null test and return null would fix this issue, as the caller
> AuthenticationRealm.getAuthenticationInfo(AuthenticationToken token) handles
> null return values.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
