[GERONIMO-646] Servlet calling HttpServletRequest.isUserInRole(null) causes NPE using Jetty container - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Closed
Priority: Minor
Resolution: Fixed
Affects Version/s: 1.0-M4
Fix Version/s: 1.2, 2.0-M1
Component/s: web
Labels:
None
Environment:

All

Description

The servlet isUserInRole call eventually gets delegated to
org.apache.geronimo.jetty.JAASJettyRealm.isUserInRole, which causes a NPE in
javax.security.jacc.WebRoleRefPermission.hashCode().

JAASJettyRealm.isUserInRole creates a WebRoleRefPermission, passing it the
null role that it was passed, then delegates the role check to
java.security.AccessControlContext.checkPermission, passing it the WebRoleRefPermission.
When the web role ref permission gets checked, eventually its hashcode method is called,
which tries to compute the hash by getting the hashcode of the (null) role name,
which throws the NPE.

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending

WebRoleRefPermissionTest-patch.txt
13/May/05 04:21
0.9 kB
Tom McQueeney
WebRoleRefPermission-patch.txt
13/May/05 04:21
2 kB
Tom McQueeney
JAASJettyRealm-patch.txt
13/May/05 04:21
0.8 kB
Tom McQueeney

Activity

People

Assignee:: Alan Cabrera

Reporter:: Tom McQueeney

Votes:: 0 Vote for this issue

Watchers:: 0 Start watching this issue

Dates

Created:: 13/May/05 04:07

Updated:: 13/Dec/06 09:03

Resolved:: 13/Dec/06 09:03