[jboss-jira] [JBoss JIRA] Closed: (JBPORTAL-2334) NullpointerExcption in SessionListener
Thomas Schmidt (JIRA)
jira-events at lists.jboss.org
Thu Mar 5 08:23:22 EST 2009
[ https://jira.jboss.org/jira/browse/JBPORTAL-2334?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Thomas Schmidt closed JBPORTAL-2334.
------------------------------------
> NullpointerExcption in SessionListener
> --------------------------------------
>
> Key: JBPORTAL-2334
> URL: https://jira.jboss.org/jira/browse/JBPORTAL-2334
> Project: JBoss Portal
> Issue Type: Bug
> Security Level: Public(Everyone can see)
> Components: Portal Server
> Affects Versions: 2.7.1 Final
> Environment: Windows XP, JBoss AS 4.2.3 GA
> Reporter: Thomas Schmidt
> Assignee: Chris Laprun
> Priority: Minor
> Fix For: 2.7.2 Final
>
>
> Our application has a security issue to invalidate the session on login. This invalidation is implemented in an webserver valve throught:
> req.getSession(true).invalidate();
> Now, on login the Session will be destroyed. This starts the SessionListeners sessionDestroy method.
> The class org.jboss.portal.server.listener.SessionListener is implemented so, that after calling the context from session the context is not further validated.
> I think, this is a bug. In a listener you can not expected that somebody has stored a context in the session.
> a possible solution:
> Set<String> contexts = (Set<String>)arg0.getSession().getAttribute(KEY);
> if (context == null) {
> return;
> }
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: https://jira.jboss.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
More information about the jboss-jira
mailing list