SEC-143: NPE in JaasAuthenticationProvider #404
Labels
in: core
An issue in spring-security-core
type: bug
A general bug
type: jira
An issue that was migrated from JIRA
Milestone
Eric Hedström(Migrated from SEC-143) said:
Servlet containers often destroy sessions before an Acegi SecurityContext has been attached to them. This ends up causing a NullPointerException in JaasAuthenticationProvider.handleLogout() line 424.
java.lang.NullPointerException
at net.sf.acegisecurity.providers.jaas.JaasAuthenticationProvider.handleLogout(JaasAuthenticationProvider.java:424)
at net.sf.acegisecurity.providers.jaas.JaasAuthenticationProvider.onApplicationEvent(JaasAuthenticationProvider.java:413)
at org.springframework.context.event.SimpleApplicationEventMulticaster.multicastEvent(SimpleApplicationEventMulticaster.java:45)
at org.springframework.context.support.AbstractApplicationContext.publishEvent(AbstractApplicationContext.java:224)
at net.sf.acegisecurity.ui.session.HttpSessionEventPublisher.sessionDestroyed(HttpSessionEventPublisher.java:107)
at com.ibm.ws.webcontainer.httpsession.SessionContext.sessionDestroyedEvent(SessionContext.java:3417)
…..
The text was updated successfully, but these errors were encountered: