shiro-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Brian Demers (JIRA)" <j...@apache.org>
Subject [jira] [Resolved] (SHIRO-546) DefaultWebSessionManager onStart might produce nullPointer Exception
Date Thu, 07 Jul 2016 19:44:11 GMT

     [ https://issues.apache.org/jira/browse/SHIRO-546?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Brian Demers resolved SHIRO-546.
--------------------------------
       Resolution: Cannot Reproduce
    Fix Version/s:     (was: 1.3.0)

I was trying to write a test for this, and I cannot see a case where the request would be
null,  WebUtils.isHttp(context) checks for this.

Also, if the request is null, I'm guessing there would be issues with the cookie storage as
well.

Can you provide an example or a test case that can reproduce this ?

> DefaultWebSessionManager onStart might produce nullPointer Exception
> --------------------------------------------------------------------
>
>                 Key: SHIRO-546
>                 URL: https://issues.apache.org/jira/browse/SHIRO-546
>             Project: Shiro
>          Issue Type: Bug
>          Components: Session Management
>    Affects Versions: 1.2.4
>            Reporter: Ariel Isaac
>              Labels: easyfix, newbie, patch
>   Original Estimate: 25m
>  Remaining Estimate: 25m
>
> DefaultWebSessionManager#onStart() when you get the HttpServletRequest it might be null
a throw a null pointer exception so it might need a little validation 
> from
> {code}   @Override
>     protected void onStart(Session session, SessionContext context) {
>         super.onStart(session, context);
>         if (!WebUtils.isHttp(context)) {
>             log.debug("SessionContext argument is not HTTP compatible or does not have
an HTTP request/response " +
>                     "pair. No session ID cookie will be set.");
>             return;
>         }
>         HttpServletRequest request = WebUtils.getHttpRequest(context);
>         HttpServletResponse response = WebUtils.getHttpResponse(context);
>         if (isSessionIdCookieEnabled()) {
>             Serializable sessionId = session.getId();
>             storeSessionId(sessionId, request, response);
>         } else {
>             log.debug("Session ID cookie is disabled.  No cookie has been set for new
session with id {}", session.getId());
>         }
>         request.removeAttribute(ShiroHttpServletRequest.REFERENCED_SESSION_ID_SOURCE);
>         request.setAttribute(ShiroHttpServletRequest.REFERENCED_SESSION_IS_NEW, Boolean.TRUE);
>     }{code}
> to 
> {code}    @Override
>     protected void onStart(Session session, SessionContext context) {
>         super.onStart(session, context);
>         if (!WebUtils.isHttp(context)) {
>             log.debug("SessionContext argument is not HTTP compatible or does not have
an HTTP request/response " +
>                     "pair. No session ID cookie will be set.");
>             return;
>         }
>         HttpServletRequest request = WebUtils.getHttpRequest(context);
>         HttpServletResponse response = WebUtils.getHttpResponse(context);
>         if (isSessionIdCookieEnabled()) {
>             Serializable sessionId = session.getId();
>             storeSessionId(sessionId, request, response);
>         } else {
>             log.debug("Session ID cookie is disabled.  No cookie has been set for new
session with id {}", session.getId());
>         }
>         if (request != null) {
>             request.removeAttribute(ShiroHttpServletRequest.REFERENCED_SESSION_ID_SOURCE);
>             request.setAttribute(ShiroHttpServletRequest.REFERENCED_SESSION_IS_NEW, Boolean.TRUE);
>         }
>         
>     }{code}



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message