Author: remy.maucherat(a)jboss.com
Date: 2009-02-25 11:52:17 -0500 (Wed, 25 Feb 2009)
New Revision: 942
Modified:
trunk/java/org/apache/catalina/realm/DataSourceRealm.java
trunk/java/org/apache/catalina/realm/JDBCRealm.java
trunk/java/org/apache/catalina/realm/MemoryRealm.java
trunk/webapps/docs/changelog.xml
Log:
- Fix possible NPE in realm auth process.
Modified: trunk/java/org/apache/catalina/realm/DataSourceRealm.java
===================================================================
--- trunk/java/org/apache/catalina/realm/DataSourceRealm.java 2009-02-25 14:37:49 UTC (rev
941)
+++ trunk/java/org/apache/catalina/realm/DataSourceRealm.java 2009-02-25 16:52:17 UTC (rev
942)
@@ -270,8 +270,9 @@
*/
public Principal authenticate(String username, String credentials) {
- // No user - can't possibly authenticate, don't bother the database then
- if (username == null) {
+ // No user or no credentials
+ // Can't possibly authenticate, don't bother the database then
+ if (username == null || credentials == null) {
return null;
}
Modified: trunk/java/org/apache/catalina/realm/JDBCRealm.java
===================================================================
--- trunk/java/org/apache/catalina/realm/JDBCRealm.java 2009-02-25 14:37:49 UTC (rev 941)
+++ trunk/java/org/apache/catalina/realm/JDBCRealm.java 2009-02-25 16:52:17 UTC (rev 942)
@@ -329,6 +329,12 @@
*/
public synchronized Principal authenticate(String username, String credentials) {
+ // No user or no credentials
+ // Can't possibly authenticate, don't bother the database then
+ if (username == null || credentials == null) {
+ return null;
+ }
+
// Number of tries is the numebr of attempts to connect to the database
// during this login attempt (if we need to open the database)
// This needs rewritten wuth better pooling support, the existing code
@@ -387,15 +393,10 @@
* @param credentials Password or other credentials to use in
* authenticating this username
*/
- public synchronized Principal authenticate(Connection dbConnection,
+ protected synchronized Principal authenticate(Connection dbConnection,
String username,
String credentials) {
- // No user - can't possibly authenticate
- if (username == null) {
- return (null);
- }
-
// Look up the user's credentials
String dbCredentials = getPassword(username);
Modified: trunk/java/org/apache/catalina/realm/MemoryRealm.java
===================================================================
--- trunk/java/org/apache/catalina/realm/MemoryRealm.java 2009-02-25 14:37:49 UTC (rev
941)
+++ trunk/java/org/apache/catalina/realm/MemoryRealm.java 2009-02-25 16:52:17 UTC (rev
942)
@@ -147,7 +147,7 @@
(GenericPrincipal) principals.get(username);
boolean validated = false;
- if (principal != null) {
+ if (principal != null && credentials != null) {
if (hasMessageDigest()) {
// Hex hashes should be compared case-insensitive
validated = (digest(credentials)
Modified: trunk/webapps/docs/changelog.xml
===================================================================
--- trunk/webapps/docs/changelog.xml 2009-02-25 14:37:49 UTC (rev 941)
+++ trunk/webapps/docs/changelog.xml 2009-02-25 16:52:17 UTC (rev 942)
@@ -50,6 +50,9 @@
</subsection>
<subsection name="Catalina">
<changelog>
+ <fix>
+ NPE in various realms. (markt)
+ </fix>
</changelog>
</subsection>
<subsection name="Coyote">