This is an automated email from the ASF dual-hosted git repository.
markt-asf pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/main by this push:
new a5f34d6de0 Avoid potential NPEs. Identified by Coverity.
a5f34d6de0 is described below
commit a5f34d6de0aeb2719c445f23553919a518c13983
Author: Mark Thomas <[email protected]>
AuthorDate: Fri May 8 14:15:37 2026 +0100
Avoid potential NPEs. Identified by Coverity.
---
java/org/apache/catalina/realm/LockOutRealm.java | 21 +++++++++++----------
1 file changed, 11 insertions(+), 10 deletions(-)
diff --git a/java/org/apache/catalina/realm/LockOutRealm.java
b/java/org/apache/catalina/realm/LockOutRealm.java
index e23c4fac7e..e019a9c643 100644
--- a/java/org/apache/catalina/realm/LockOutRealm.java
+++ b/java/org/apache/catalina/realm/LockOutRealm.java
@@ -222,9 +222,7 @@ public class LockOutRealm extends CombinedRealm {
* @return true if the user is locked, false otherwise
*/
public boolean isLocked(String username) {
- if (!getCaseSensitive()) {
- username = username.toLowerCase(Locale.ROOT);
- }
+ username = normalizeUsername(username);
LockRecord lockRecord;
synchronized (this) {
lockRecord = failedUsers.get(username);
@@ -247,11 +245,8 @@ public class LockOutRealm extends CombinedRealm {
* After successful authentication, any record of previous authentication
failure is removed.
*/
private synchronized void registerAuthSuccess(String username) {
- if (!getCaseSensitive()) {
- username = username.toLowerCase(Locale.ROOT);
- }
// Successful authentication means removal from the list of failed
users
- failedUsers.remove(username);
+ failedUsers.remove(normalizeUsername(username));
}
@@ -259,9 +254,7 @@ public class LockOutRealm extends CombinedRealm {
* After a failed authentication, add the record of the failed
authentication.
*/
private void registerAuthFailure(String username) {
- if (!getCaseSensitive()) {
- username = username.toLowerCase(Locale.ROOT);
- }
+ username = normalizeUsername(username);
LockRecord lockRecord;
synchronized (this) {
if (!failedUsers.containsKey(username)) {
@@ -383,6 +376,14 @@ public class LockOutRealm extends CombinedRealm {
}
+ private String normalizeUsername(String username) {
+ if (username != null && !getCaseSensitive()) {
+ return username.toLowerCase(Locale.ROOT);
+ }
+ return username;
+ }
+
+
/**
* Internal record to track lock state for a user.
*/
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
