Martin Choma updated WFLY-7965:
-------------------------------
Affects Version/s: 11.0.0.Alpha1
Coverity static analysis: Dereference null return value in
ServerAuthenticationContext (Elytron)
------------------------------------------------------------------------------------------------
Key: WFLY-7965
URL: https://issues.jboss.org/browse/WFLY-7965
Project: WildFly
Issue Type: Bug
Components: Security
Affects Versions: 11.0.0.Alpha1
Reporter: Martin Choma
Assignee: Darran Lofthouse
Coverity static-analysis scan found a possible dereference of a null return value in the following
code:
{code:java|title=ServerAuthenticationContext.java}
if (log.isTraceEnabled()) {
    log.tracef("Authorizing principal %s.", authenticationPrincipal.getName());
    log.tracef("Authorizing against the following attributes: %s => %s",
            authorizationIdentity.getAttributes().keySet(),
            authorizationIdentity.getAttributes().values());
}
{code}
Coverity supposes a null value could get here via
{{AggregateSecurityRealm.Identity.getAuthorizationIdentity}} calling
{{TokenSecurityRealm.TokenRealmIdentity.getAuthorizationIdentity}}
{code:java|title=TokenRealmIdentity.java}
@Override
public AuthorizationIdentity getAuthorizationIdentity() throws RealmUnavailableException {
    if (exists()) {
        return new AuthorizationIdentity() {
            @Override
            public Attributes getAttributes() {
                return claims;
            }
        };
    }
    return null;
}
{code}
https://scan7.coverity.com/reports.htm#v23632/p11778/fileInstanceId=85537...
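
The pattern in the report, as an added stand-alone example (not code from WildFly or Elytron): the dereference sits inside the trace-only branch, so a null identity only fails when trace logging is on. The class `NullIdentityDemo`, its simplified `AuthorizationIdentity` interface, the `lookup` helper and the guarded variant are assumptions made for illustration.

```java
import java.util.Map;

// Added illustration: simplified stand-in types, not the Elytron classes.
public class NullIdentityDemo {
    interface AuthorizationIdentity { Map<String, String> getAttributes(); }

    // Same shape as the quoted getAuthorizationIdentity(): an identity that
    // does not exist yields null instead of an object.
    static AuthorizationIdentity lookup(boolean exists, Map<String, String> claims) {
        if (exists) {
            return () -> claims;
        }
        return null;
    }

    // Shape of the flagged caller: the dereference is reached only when
    // trace logging is enabled.
    static boolean authorizeUnguarded(AuthorizationIdentity id, boolean traceEnabled) {
        if (traceEnabled) {
            System.out.printf("Authorizing against the following attributes: %s => %s%n",
                    id.getAttributes().keySet(), id.getAttributes().values());
        }
        return id != null; // placeholder for the real authorization decision
    }

    // Guarded variant (an assumption, one possible fix): reject a missing
    // identity before anything touches it, independent of the log level.
    static boolean authorizeGuarded(AuthorizationIdentity id, boolean traceEnabled) {
        if (id == null) {
            return false; // fail closed
        }
        return authorizeUnguarded(id, traceEnabled);
    }

    public static void main(String[] args) {
        AuthorizationIdentity missing = lookup(false, Map.of()); // constructed input
        System.out.println("unguarded, trace off: " + authorizeUnguarded(missing, false));
        try {
            authorizeUnguarded(missing, true);
        } catch (NullPointerException e) {
            System.out.println("unguarded, trace on: NullPointerException");
        }
        System.out.println("guarded, trace on: " + authorizeGuarded(missing, true));
        AuthorizationIdentity present = lookup(true, Map.of("sub", "alice")); // constructed claims
        System.out.println("guarded, existing identity: " + authorizeGuarded(present, true));
    }
}
```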