[Bug 60694] New: Potential NullPointerException in AuthenticatorBase.getJaspicProvider()

Mon, 06 Feb 2017 01:04:22 -0800 

https://bz.apache.org/bugzilla/show_bug.cgi?id=60694

            Bug ID: 60694
           Summary: Potential NullPointerException in
                    AuthenticatorBase.getJaspicProvider()
           Product: Tomcat 8
           Version: 8.5.11
          Hardware: All
                OS: All
            Status: NEW
          Severity: normal
          Priority: P2
         Component: Catalina
          Assignee: dev@tomcat.apache.org
          Reporter: awilkin...@pivotal.io
  Target Milestone: ----

AuthenticatorBase.getJaspicProvider() can throw a NullPointerException. The
code in question is:

AuthConfigFactory factory = AuthConfigFactory.getFactory();
provider = factory.getConfigProvider("HttpServlet", jaspicAppContextID, this);

The javadoc for AuthConfigFactory.getFactory() states that it returns:

The non-null system-wide AuthConfigFactory instance set at the time of the
call, or if that value was null, the value of the system-wide factory instance
established by this method. This method returns null when the  system-wide
factory was not defined when this method was called and no default factory name
was defined via the security property.

When it returns null, a NullPointerException occurs:

java.lang.NullPointerException: null
            at
org.apache.catalina.authenticator.AuthenticatorBase.getJaspicProvider(AuthenticatorBase.java:1192)
            at
org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:465)
            at
org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:140)
            at
org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:79)
            at
org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:87)
            at
org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:349)
            at
org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:783)
            at
org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66)
            at
org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:798)
            at
org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1434)
            at
org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
            at
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
            at
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
            at
org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
            at java.lang.Thread.run(Thread.java:745)

This was originally reported against Spring Boot using embedded Tomcat when the
user also had javax:javaee-api on the classpath.

-- 
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Reply via email to