Author: remy.maucherat(a)jboss.com Date: 2009-02-25 11:52:17 -0500 (Wed, 25 Feb 2009) New Revision: 942 Modified: trunk/java/org/apache/catalina/realm/DataSourceRealm.java trunk/java/org/apache/catalina/realm/JDBCRealm.java trunk/java/org/apache/catalina/realm/MemoryRealm.java trunk/webapps/docs/changelog.xml Log: - Fix possible NPE in realm auth process. Modified: trunk/java/org/apache/catalina/realm/DataSourceRealm.java =================================================================== --- trunk/java/org/apache/catalina/realm/DataSourceRealm.java 2009-02-25 14:37:49 UTC (rev 941) +++ trunk/java/org/apache/catalina/realm/DataSourceRealm.java 2009-02-25 16:52:17 UTC (rev 942) @@ -270,8 +270,9 @@ */ public Principal authenticate(String username, String credentials) { - // No user - can't possibly authenticate, don't bother the database then - if (username == null) { + // No user or no credentials + // Can't possibly authenticate, don't bother the database then + if (username == null || credentials == null) { return null; } Modified: trunk/java/org/apache/catalina/realm/JDBCRealm.java =================================================================== --- trunk/java/org/apache/catalina/realm/JDBCRealm.java 2009-02-25 14:37:49 UTC (rev 941) +++ trunk/java/org/apache/catalina/realm/JDBCRealm.java 2009-02-25 16:52:17 UTC (rev 942) @@ -329,6 +329,12 @@ */ public synchronized Principal authenticate(String username, String credentials) { + // No user or no credentials + // Can't possibly authenticate, don't bother the database then + if (username == null || credentials == null) { + return null; + } + // Number of tries is the numebr of attempts to connect to the database // during this login attempt (if we need to open the database) // This needs rewritten wuth better pooling support, the existing code @@ -387,15 +393,10 @@ * @param credentials Password or other credentials to use in * authenticating this username */ - public synchronized Principal authenticate(Connection dbConnection, + protected synchronized Principal authenticate(Connection dbConnection, String username, String credentials) { - // No user - can't possibly authenticate - if (username == null) { - return (null); - } - // Look up the user's credentials String dbCredentials = getPassword(username); Modified: trunk/java/org/apache/catalina/realm/MemoryRealm.java =================================================================== --- trunk/java/org/apache/catalina/realm/MemoryRealm.java 2009-02-25 14:37:49 UTC (rev 941) +++ trunk/java/org/apache/catalina/realm/MemoryRealm.java 2009-02-25 16:52:17 UTC (rev 942) @@ -147,7 +147,7 @@ (GenericPrincipal) principals.get(username); boolean validated = false; - if (principal != null) { + if (principal != null && credentials != null) { if (hasMessageDigest()) { // Hex hashes should be compared case-insensitive validated = (digest(credentials) Modified: trunk/webapps/docs/changelog.xml =================================================================== --- trunk/webapps/docs/changelog.xml 2009-02-25 14:37:49 UTC (rev 941) +++ trunk/webapps/docs/changelog.xml 2009-02-25 16:52:17 UTC (rev 942) @@ -50,6 +50,9 @@ </subsection> <subsection name="Catalina"> <changelog> + <fix> + NPE in various realms. (markt) + </fix> </changelog> </subsection> <subsection name="Coyote">