SEC-1390: NullPointerException in OpenID4JavaConsumer.endConsumption #1633

Closed
spring-issuemaster opened this Issue Jan 26, 2010 · 1 comment

1 participant

@spring-issuemaster

Pedro Teixeira (Migrated from SEC-1390) said:

Log+Exception

INFO YadisResolver - Yadis discovered 0 endpoints from: http:///openid?id=11001259674714705...
INFO Discovery - No OpenID service endpoints discovered through Yadis; attempting HTML discovery...
INFO HttpCache - Cached GET response does not match the required content type, removing.
INFO HttpCache - Removing cached GET for http:///openid?id=11001259674714705...
INFO HttpCache - Removing cached GET response for http:///openid?id=11001259674714705...
INFO HtmlResolver - HTML discovery completed on: http:///openid?id=11001259674714705...
INFO Discovery - Discovered 0 OpenID endpoints.
ERROR ConsumerManager - No service element found to match the ClaimedID / OP-endpoint in the assertion.
ERROR ConsumerManager - Discovered information verification failed.

java.lang.NullPointerException
at org.springframework.security.openid.OpenID4JavaConsumer.endConsumption(OpenID4JavaConsumer.java:172)
at org.springframework.security.openid.OpenIDAuthenticationFilter.attemptAuthentication(OpenIDAuthenticationFilter.java:152)
at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:199)

Code

call to discovered.getClaimedIdentifier() returns null in the following lines:

return new OpenIDAuthenticationToken(OpenIDAuthenticationStatus.FAILURE,
discovered.getClaimedIdentifier().getIdentifier(),
"Verification status message: [" + verification.getStatusMsg() + "]", attributes);

@spring-issuemaster

Luke Taylor said:

Added null check to prevent NPE.

@spring-issuemaster spring-issuemaster added this to the 3.0.2 milestone Feb 5, 2016
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment