[jboss-jira] [JBoss JIRA] Created: (JBPORTAL-2334) NullpointerExcption in SessionListener
Thomas Schmidt (JIRA)
jira-events at lists.jboss.org
Thu Mar 5 06:37:50 EST 2009
NullpointerExcption in SessionListener
--------------------------------------
Key: JBPORTAL-2334
URL: https://jira.jboss.org/jira/browse/JBPORTAL-2334
Project: JBoss Portal
Issue Type: Bug
Security Level: Public (Everyone can see)
Components: Portal Server
Affects Versions: 2.7.1 Final
Environment: Windows XP, JBoss AS 4.2.3 GA
Reporter: Thomas Schmidt
Priority: Minor
Our application has a security issue to invalidate the session on login. This invalidation is implemented in an webserver valve throught:
req.getSession(true).invalidate();
Now, on login the Session will be destroyed. This starts the SessionListeners sessionDestroy method.
The class org.jboss.portal.server.listener.SessionListener is implemented so, that after calling the context from session the context is not further validated.
I think, this is a bug. In a listener you can not expected that somebody has stored a context in the session.
a possible solution:
Set<String> contexts = (Set<String>)arg0.getSession().getAttribute(KEY);
if (context == null) {
return;
}
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: https://jira.jboss.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
More information about the jboss-jira
mailing list