shiro-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Brian Demers (JIRA)" <j...@apache.org>
Subject [jira] [Updated] (SHIRO-546) DefaultWebSessionManager onStart might produce nullPointer Exception
Date Wed, 25 May 2016 17:03:13 GMT

     [ https://issues.apache.org/jira/browse/SHIRO-546?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Brian Demers updated SHIRO-546:
-------------------------------
    Fix Version/s:     (was: 1.2.5)
                   1.2.6

> DefaultWebSessionManager onStart might produce nullPointer Exception
> --------------------------------------------------------------------
>
>                 Key: SHIRO-546
>                 URL: https://issues.apache.org/jira/browse/SHIRO-546
>             Project: Shiro
>          Issue Type: Bug
>          Components: Session Management
>    Affects Versions: 1.2.4
>            Reporter: Ariel Isaac
>              Labels: easyfix, newbie, patch
>             Fix For: 1.3.0, 2.0.0, 1.2.6
>
>   Original Estimate: 25m
>  Remaining Estimate: 25m
>
> DefaultWebSessionManager#onStart() when you get the HttpServletRequest it might be null
a throw a null pointer exception so it might need a little validation 
> from
> {code}   @Override
>     protected void onStart(Session session, SessionContext context) {
>         super.onStart(session, context);
>         if (!WebUtils.isHttp(context)) {
>             log.debug("SessionContext argument is not HTTP compatible or does not have
an HTTP request/response " +
>                     "pair. No session ID cookie will be set.");
>             return;
>         }
>         HttpServletRequest request = WebUtils.getHttpRequest(context);
>         HttpServletResponse response = WebUtils.getHttpResponse(context);
>         if (isSessionIdCookieEnabled()) {
>             Serializable sessionId = session.getId();
>             storeSessionId(sessionId, request, response);
>         } else {
>             log.debug("Session ID cookie is disabled.  No cookie has been set for new
session with id {}", session.getId());
>         }
>         request.removeAttribute(ShiroHttpServletRequest.REFERENCED_SESSION_ID_SOURCE);
>         request.setAttribute(ShiroHttpServletRequest.REFERENCED_SESSION_IS_NEW, Boolean.TRUE);
>     }{code}
> to 
> {code}    @Override
>     protected void onStart(Session session, SessionContext context) {
>         super.onStart(session, context);
>         if (!WebUtils.isHttp(context)) {
>             log.debug("SessionContext argument is not HTTP compatible or does not have
an HTTP request/response " +
>                     "pair. No session ID cookie will be set.");
>             return;
>         }
>         HttpServletRequest request = WebUtils.getHttpRequest(context);
>         HttpServletResponse response = WebUtils.getHttpResponse(context);
>         if (isSessionIdCookieEnabled()) {
>             Serializable sessionId = session.getId();
>             storeSessionId(sessionId, request, response);
>         } else {
>             log.debug("Session ID cookie is disabled.  No cookie has been set for new
session with id {}", session.getId());
>         }
>         if (request != null) {
>             request.removeAttribute(ShiroHttpServletRequest.REFERENCED_SESSION_ID_SOURCE);
>             request.setAttribute(ShiroHttpServletRequest.REFERENCED_SESSION_IS_NEW, Boolean.TRUE);
>         }
>         
>     }{code}



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message