SEC-143: NPE in JaasAuthenticationProvider #404
Labels
in: core
An issue in spring-security-core
type: bug
A general bug
type: jira
An issue that was migrated from JIRA
Milestone
Comments
|
Eric Hedström said: Can’t connect to CVS to create a patch file, but one approach would be to replace line 424 with these: ``` |
|
Ray Krueger said: Fixed |
spring-projects-issues
added
in: core
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
and others
Eric Hedström(Migrated from SEC-143) said:
Servlet containers often destroy sessions before an Acegi SecurityContext has been attached to them. This ends up causing a NullPointerException in JaasAuthenticationProvider.handleLogout() line 424.
java.lang.NullPointerException
at net.sf.acegisecurity.providers.jaas.JaasAuthenticationProvider.handleLogout(JaasAuthenticationProvider.java:424)
at net.sf.acegisecurity.providers.jaas.JaasAuthenticationProvider.onApplicationEvent(JaasAuthenticationProvider.java:413)
at org.springframework.context.event.SimpleApplicationEventMulticaster.multicastEvent(SimpleApplicationEventMulticaster.java:45)
at org.springframework.context.support.AbstractApplicationContext.publishEvent(AbstractApplicationContext.java:224)
at net.sf.acegisecurity.ui.session.HttpSessionEventPublisher.sessionDestroyed(HttpSessionEventPublisher.java:107)
at com.ibm.ws.webcontainer.httpsession.SessionContext.sessionDestroyedEvent(SessionContext.java:3417)
…..
The text was updated successfully, but these errors were encountered: