[
https://issues.apache.org/jira/browse/SLING-8711?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16935192#comment-16935192
]
Carsten Ziegeler commented on SLING-8711:
-----------------------------------------
[~enorman] Our API is a little bit unclear whether AuthenticationInfo#getUser
must return a user for this case. It can be interpreted in a way that null is a
valid value. And it depends in an AuthenticationHandler to ensure this; as
AuthenticationHandlers are plugins potentially written outside of Sling, we can
check/fix that code *if* we would require getUser to return something.
Now, before the event sending was introduced, returning null worked and didn't
cause problems. The newly introduced event handling code broke the previous
behaviour.
Or in short: I think it's fine to check for null to not break anything; I also
think it would be good to fix handlers returning no user.
> NPE when auth failed event is sent
> ----------------------------------
>
> Key: SLING-8711
> URL: https://issues.apache.org/jira/browse/SLING-8711
> Project: Sling
> Issue Type: Bug
> Components: Authentication
> Affects Versions: Auth Core 1.4.4
> Reporter: Carsten Ziegeler
> Assignee: Carsten Ziegeler
> Priority: Blocker
> Fix For: Auth Core 1.4.6
>
>
> Some auth info might be null when the authentication failed which then
> results in an NPE when sending the event:
> java.lang.NullPointerException
> at java.util.Hashtable.put(Hashtable.java:460)
> at
> org.apache.sling.auth.core.impl.SlingAuthenticator.postLoginFailedEvent(SlingAuthenticator.java:1541)
> at
> org.apache.sling.auth.core.impl.SlingAuthenticator.getResolver(SlingAuthenticator.java:840)
> at
> org.apache.sling.auth.core.impl.SlingAuthenticator.doHandleSecurity(SlingAuthenticator.java:518)
> at
> org.apache.sling.auth.core.impl.SlingAuthenticator.handleSecurity(SlingAuthenticator.java:462)
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
