[ http://issues.apache.org/jira/browse/GERONIMO-646?page=comments#action_12449846 ] Matt Hogstrom commented on GERONIMO-646: ----------------------------------------
Jeff...is this still an issue? > Servlet calling HttpServletRequest.isUserInRole(null) causes NPE using Jetty > container > -------------------------------------------------------------------------------------- > > Key: GERONIMO-646 > URL: http://issues.apache.org/jira/browse/GERONIMO-646 > Project: Geronimo > Issue Type: Bug > Components: web > Affects Versions: 1.0-M4 > Environment: All > Reporter: Tom McQueeney > Assigned To: Alan Cabrera > Priority: Minor > Fix For: 1.2 > > Attachments: JAASJettyRealm-patch.txt, > WebRoleRefPermission-patch.txt, WebRoleRefPermissionTest-patch.txt > > > The servlet isUserInRole call eventually gets delegated to > org.apache.geronimo.jetty.JAASJettyRealm.isUserInRole, which causes a NPE in > javax.security.jacc.WebRoleRefPermission.hashCode(). > JAASJettyRealm.isUserInRole creates a WebRoleRefPermission, passing it the > null role that it was passed, then delegates the role check to > java.security.AccessControlContext.checkPermission, passing it the > WebRoleRefPermission. > When the web role ref permission gets checked, eventually its hashcode method > is called, > which tries to compute the hash by getting the hashcode of the (null) role > name, > which throws the NPE. -- This message is automatically generated by JIRA. - If you think it was sent incorrectly contact one of the administrators: http://issues.apache.org/jira/secure/Administrators.jspa - For more information on JIRA, see: http://www.atlassian.com/software/jira