Author: remy.maucherat(a)jboss.com
Date: 2009-02-25 11:53:02 -0500 (Wed, 25 Feb 2009)
New Revision: 943
Modified:
branches/2.1.x/java/org/apache/catalina/realm/DataSourceRealm.java
branches/2.1.x/java/org/apache/catalina/realm/JDBCRealm.java
branches/2.1.x/java/org/apache/catalina/realm/MemoryRealm.java
branches/2.1.x/webapps/docs/changelog.xml
Log:
- Fix possible NPE in realm auth process.
Modified: branches/2.1.x/java/org/apache/catalina/realm/DataSourceRealm.java
===================================================================
--- branches/2.1.x/java/org/apache/catalina/realm/DataSourceRealm.java 2009-02-25 16:52:17
UTC (rev 942)
+++ branches/2.1.x/java/org/apache/catalina/realm/DataSourceRealm.java 2009-02-25 16:53:02
UTC (rev 943)
@@ -270,8 +270,9 @@
*/
public Principal authenticate(String username, String credentials) {
- // No user - can't possibly authenticate, don't bother the database then
- if (username == null) {
+ // No user or no credentials
+ // Can't possibly authenticate, don't bother the database then
+ if (username == null || credentials == null) {
return null;
}
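Review bot: The new early return for `credentials == null` at the top of `authenticate()` is not reflected in the method's contract, and as far as the hunk shows it leaves no log trace of the rejected attempt. The Javadoc ends just above the hunk, so its wording is not visible, but it would benefit from a line such as `@return the associated Principal, or <code>null</code> if username or credentials is null or authentication fails`. If the rest of the method (outside the hunk) logs failed authentications, consider whether this path should log too, so that requests arriving without credentials remain visible to whoever monitors login failures. The same applies to the guard added to the public `authenticate(String, String)` in JDBCRealm.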
Modified: branches/2.1.x/java/org/apache/catalina/realm/JDBCRealm.java
===================================================================
--- branches/2.1.x/java/org/apache/catalina/realm/JDBCRealm.java 2009-02-25 16:52:17 UTC
(rev 942)
+++ branches/2.1.x/java/org/apache/catalina/realm/JDBCRealm.java 2009-02-25 16:53:02 UTC
(rev 943)
@@ -329,6 +329,12 @@
*/
public synchronized Principal authenticate(String username, String credentials) {
+ // No user or no credentials
+ // Can't possibly authenticate, don't bother the database then
+ if (username == null || credentials == null) {
+ return null;
+ }
+
// Number of tries is the numebr of attempts to connect to the database
// during this login attempt (if we need to open the database)
// This needs rewritten wuth better pooling support, the existing code
@@ -387,15 +393,10 @@
* @param credentials Password or other credentials to use in
* authenticating this username
*/
- public synchronized Principal authenticate(Connection dbConnection,
+ protected synchronized Principal authenticate(Connection dbConnection,
String username,
String credentials) {
- // No user - can't possibly authenticate
- if (username == null) {
- return (null);
- }
-
// Look up the user's credentials
String dbCredentials = getPassword(username);
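Review bot: Dropping the `username == null` guard from the `authenticate(Connection, String, String)` overload makes it depend on the public two-argument method for argument validation, and nothing in the visible Javadoc states that precondition. Because the method is now `protected`, a subclass can still call or override it directly, and a null `username` or `credentials` would then reach `getPassword(username)` and whatever comparison follows outside the hunk. Either keep a cheap guard here, `if (username == null || credentials == null) return null;`, or add a Javadoc sentence such as `Callers must pass non-null username and credentials; the public authenticate() enforces this.` Narrowing the visibility from `public` also breaks any external code that called this overload, which deserves its own changelog mention.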
Modified: branches/2.1.x/java/org/apache/catalina/realm/MemoryRealm.java
===================================================================
--- branches/2.1.x/java/org/apache/catalina/realm/MemoryRealm.java 2009-02-25 16:52:17 UTC
(rev 942)
+++ branches/2.1.x/java/org/apache/catalina/realm/MemoryRealm.java 2009-02-25 16:53:02 UTC
(rev 943)
@@ -147,7 +147,7 @@
(GenericPrincipal) principals.get(username);
boolean validated = false;
- if (principal != null) {
+ if (principal != null && credentials != null) {
if (hasMessageDigest()) {
// Hex hashes should be compared case-insensitive
validated = (digest(credentials)
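Review bot: The null check on `credentials` is folded into the `principal != null` condition here, whereas DataSourceRealm and JDBCRealm in this same commit return early before touching the user store. An early `if (username == null || credentials == null) return null;` ahead of the `principals.get(username)` lookup would keep the three realms consistent. The code after this block is outside the hunk; if it logs failed attempts, falling through may be intentional, and a short comment such as `// null credentials fall through to the failure path below` would make that clear.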
Modified: branches/2.1.x/webapps/docs/changelog.xml
===================================================================
--- branches/2.1.x/webapps/docs/changelog.xml 2009-02-25 16:52:17 UTC (rev 942)
+++ branches/2.1.x/webapps/docs/changelog.xml 2009-02-25 16:53:02 UTC (rev 943)
@@ -23,6 +23,9 @@
</subsection>
<subsection name="Catalina">
<changelog>
+ <fix>
+ NPE in various realms. (markt)
+ </fix>
</changelog>
</subsection>
<subsection name="Coyote">