geronimo-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Tom McQueeney (JIRA)" <...@geronimo.apache.org>
Subject [jira] Created: (GERONIMO-646) Servlet calling HttpServletRequest.isUserInRole(null) causes NPE using Jetty container
Date Thu, 12 May 2005 19:09:10 GMT
Servlet calling HttpServletRequest.isUserInRole(null) causes NPE using Jetty container
--------------------------------------------------------------------------------------

         Key: GERONIMO-646
         URL: http://issues.apache.org/jira/browse/GERONIMO-646
     Project: Geronimo
        Type: Bug
  Components: web  
    Versions: 1.0-M4    
 Environment: All
    Reporter: Tom McQueeney
    Priority: Minor


The servlet isUserInRole call eventually gets delegated to
org.apache.geronimo.jetty.JAASJettyRealm.isUserInRole, which causes a NPE in 
javax.security.jacc.WebRoleRefPermission.hashCode().

JAASJettyRealm.isUserInRole creates a WebRoleRefPermission, passing it the 
null role that it was passed, then delegates the role check to 
java.security.AccessControlContext.checkPermission, passing it the WebRoleRefPermission.
When the web role ref permission gets checked, eventually its hashcode method is called,
which tries to compute the hash by getting the hashcode of the (null) role name,
which throws the NPE.


-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
   http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see:
   http://www.atlassian.com/software/jira


Mime
View raw message