SEC-1807: logout success failed on tomcat due to NPE #2039

spring-issuemaster opened this Issue Aug 31, 2011 · 6 comments


None yet
1 participant

Ludovic Praud (Migrated from SEC-1807) said:

Due to issue SEC-1762, the targetUrlParameter is default set to null in SimpleUrlLogoutSuccessHandler constructor. When login out on tomcat 6, it throws NPE because it uses java.util.Hashtable which does not allow retrieving value with a null key.
There is no problem on jetty-7 because it uses org.eclipse.jetty.util.MultiMap which allows null.

Work around : revert to spring-security-3.0.5

The problem is also that is cannot found anywhere the responsible commit. The 3.0.6 exists in maven repo but nowhere released in JIRA or GIT. Very strange !

java.lang.NullPointerException java.util.Hashtable.get( org.apache.tomcat.util.http.Parameters.getParameterValues( org.apache.tomcat.util.http.Parameters.getParameter( org.apache.catalina.connector.Request.getParameter( org.apache.catalina.connector.RequestFacade.getParameter( javax.servlet.ServletRequestWrapper.getParameter($VirtualFilterChain.doFilter($VirtualFilterChain.doFilter( org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate( org.springframework.web.filter.DelegatingFilterProxy.doFilter( org.springframework.web.filter.HiddenHttpMethodFilter.doFilterInternal( org.springframework.web.filter.OncePerRequestFilter.doFilter( org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal( org.springframework.web.filter.OncePerRequestFilter.doFilter(

Ludovic Praud said:

Sorry but the SEC-1762 issue has nothing to do with this.

Roger Pfister said:

I have hit this too, as will anyone churning out a baisc 'ROO security' app and then switching to framework 3.0.6

Of course it also breaks on - VMware vFabric tc Server - which incoporates tomcat.

Stefan Gybas said:

It also breaks on WebSphere 7:

Caused by: java.lang.NullPointerException
at java.util.Hashtable.get(
at javax.servlet.ServletRequestWrapper.getParameter(

We also went back to 3.0.5.

Oliver Siegmar said:

Same here with Tomcat 7.0.21

Eugen Paraschiv said:

Same on JBoss, which uses Tomcat. Also, I can confirm that moving from 3.0.6 to 3.0.7 does indeed resolve the issue.

This issue duplicates #2035

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment