Sreyan,

On 9/7/15 2:17 PM, Sreyan Chakravarty wrote:
> I have found the cause of the problem. It seems that there is no
> null checking in the DataSourceRealm in Tomcat. What I mean is that
> if a particular user does not exist in the database and his
> credentials are returned as a null string then no null checking is
> specified.
>
> I would like to open this as a bug.

https://bz.apache.org/bugzilla/enter_bug.cgi?product=Tomcat%208

Before you file a bug:

1. Make sure you test on Tomcat 8.0.26
2. Make sure you post a stack trace from the NPE
3. If you can provide a simple test-case, it would be helpful

> The easiest solution is to write a custom Realm that provides the
> null checking. The only problem is that now why am I not being
> redirected to the error page if I provide a valid user with a wrong
> password.

If the authenticate() method returns false, then Tomcat should send
the user to the form-error-page. It may not issue a redirect, but
instead perform a forward. Is that a problem?

> Please if anyone can tell me how to write a custom Realm then it
> would be really appreciated.

If this really is a bug, it should be fixed. I'm skeptical at this
point, since nobody has reported this yet. It would be a fairly big bug.

-chris