Skip to content

SEC-3204: InMemoryUserDetailsManager NullPointerException #3403

New issue
New issue
Closed
#9919
Closed
SEC-3204: InMemoryUserDetailsManager NullPointerException#3403
#9919
Assignees
marcusdacoregio
Labels
in: coreAn issue in spring-security-coretype: bugA general bugtype: jiraAn issue that was migrated from JIRA
@spring-projects-issues

Description

@spring-projects-issues
spring-projects-issues
opened on Jan 25, 2016

Updated

We should provide better error messages when an invalid user format is provided

Original

Henrik Sachse (Migrated from SEC-3204) said:

The org.springframework.security.provisioning.InMemoryUserDetailsManager may throw a NullPointerException when an invalid user Properties file gets loaded (see attachments).

Can be reproduced with the following code having the attached file on the classpath:

String invalidPropertiesFile = "invalid.properties";
ClassPathResource classPathResource = new ClassPathResource(invalidPropertiesFile);
Properties userProperties = new Properties();
userProperties.load(classPathResource.getInputStream());
// NullPointerException thrown here
InMemoryUserDetailsManager inMemoryUserDetailsManager = new InMemoryUserDetailsManager(userProperties);

That is because the method org.springframework.security.core.userdetails.memory.UserAttributeEditor.setAsText(String) may invoke the java.beans.PropertyEditorSupport.setValue(Object) method with null in case its parameter is an empty string.

Metadata

Metadata

Assignees

Labels

in: coreAn issue in spring-security-coretype: bugA general bugtype: jiraAn issue that was migrated from JIRA

Type

No type

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions