SEC-1521: NullPointerException in SecurityContextPersistenceFilter with null SecurityContextRepository #1762

spring-issuemaster opened this Issue Jul 22, 2010 · 3 comments




Jarrod Carlson (Migrated from SEC-1521) said:

According to documentation in section 8.3.1, the SecurityContextPersistenceFilter should support a null SecurityContextRepository, which would prevent a SecurityContext from ever being persisted.

However, configuring a null SecurityContextRepository results in a NullPointerException. Either the documentation is incorrect or misleading, or the SecurityContextPersistenceFilter should perform null checks on the field.

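<bean id="securityContextPersistenceFilter"
      class="org.springframework.security.web.context.SecurityContextPersistenceFilter">
    <property name="securityContextRepository">
        <null />
    </property>
</bean>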

SEVERE: Servlet.service() for servlet classes/com.turner.playon.event threw exception
at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(
at org.springframework.web.filter.DelegatingFilterProxy.doFilter(
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(
at org.apache.catalina.core.ApplicationFilterChain.doFilter(
at org.apache.catalina.core.StandardWrapperValve.invoke(
at org.apache.catalina.core.StandardContextValve.invoke(
at org.apache.catalina.core.StandardHostValve.invoke(
at org.apache.catalina.valves.ErrorReportValve.invoke(
at org.apache.catalina.core.StandardEngineValve.invoke(
at org.apache.catalina.connector.CoyoteAdapter.service(
at org.apache.coyote.http11.Http11Processor.process(
at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(


Luke Taylor said:

It's actually referring to a "null implementation" (as in, rather than the value "null"). We should probably add a check on initialization though with an error message.


Luke Taylor said:

I've added a null check on the injected SecurityContextRepository and clarified the docs, including a reference to the available NullSecurityContextRepository implementation which is already provided.
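The configuration the comments above point to, as an added example that is not part of the original thread or the project's documentation: the repository property receives a null-object implementation instead of the literal `<null />`. It assumes property-based injection and the bean id from the reporter's snippet.

```xml
<!-- Added example. Fails as reported: <null /> injects the literal value null,
     and the filter dereferences it when a request passes through doFilter. -->
<!--
<bean id="securityContextPersistenceFilter"
      class="org.springframework.security.web.context.SecurityContextPersistenceFilter">
    <property name="securityContextRepository"><null /></property>
</bean>
-->

<!-- Intended setup: NullSecurityContextRepository is a real repository object
     that hands back an empty SecurityContext on load and stores nothing on save,
     so no SecurityContext is carried over between requests. -->
<bean id="securityContextPersistenceFilter"
      class="org.springframework.security.web.context.SecurityContextPersistenceFilter">
    <property name="securityContextRepository">
        <bean class="org.springframework.security.web.context.NullSecurityContextRepository" />
    </property>
</bean>
```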

@spring-issuemaster spring-issuemaster added this to the 3.1.0.M1 milestone Feb 5, 2016