[JBoss JIRA] (ISPN-6258) Authorication can fail with NPE when no subject is provided

Wednesday, 24 February 2016


Vojtech Juranek created ISPN-6258:
-------------------------------------

             Summary: Authorication can fail with NPE when no subject is provided
                 Key: ISPN-6258
                 URL: https://issues.jboss.org/browse/ISPN-6258
             Project: Infinispan
          Issue Type: Bug
          Components: Security
            Reporter: Vojtech Juranek
            Assignee: Vojtech Juranek


When user's subject is null, authorization on secured cache can fail with NPE bellow,
instead of logging {{SecurityException}}

{noformat}
15:14:47,795 ERROR [org.infinispan.server.hotrod.HotRodEncoder] (HotRodServerWorker-9-1)
ISPN005022: Exception writing response with messageId=2: java.lang.NullPointerException   
                                                         
        at
org.infinispan.security.impl.CachePrincipalPair.<init>(CachePrincipalPair.java:17)  
                                                                                          
                                                  
        at
org.infinispan.security.impl.AuthorizationHelper.checkSubjectPermissionAndRole(AuthorizationHelper.java:103)
                                                                                          
                          
        at
org.infinispan.security.impl.AuthorizationHelper.checkPermission(AuthorizationHelper.java:76)
                                                                                          
                                         
        at
org.infinispan.security.impl.AuthorizationManagerImpl.checkPermission(AuthorizationManagerImpl.java:37)
                                                                                          
                               
{noformat}


--
This message was sent by Atlassian JIRA
(v6.4.11#64026)

2026

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009