Burt Beckwith (Migrated from SEC-993) said:
I’m trying to create a remember-me cookie with an OpenID authentication. Since OpenIDAuthenticationToken doesn’t support password, it’s causing a NullPointerException in TokenBasedRememberMeServices.retrievePassword() – it calls toString() on the null password (“return authentication.getCredentials().toString();” line 202).
Luke Taylor said:
Thanks for the report. I’ve updated TokenBasedRememberMeServices to return null from the retrievePassword() method if it is presented with an Authentication object which has null credentials. This will just prevent it from setting the remember-me cookie. By definition TokenBasedRMS requires a password, so you can’t use it in this scenario. Consider using the persistent token implementation instead.