Uploaded image for project: 'Infinispan'
  1. Infinispan
  2. ISPN-6258

Authorication can fail with NPE when no subject is provided

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Done
    • Icon: Major Major
    • 8.2.0.CR1, 8.2.0.Final
    • None
    • Security
    • None

      When user's subject is null, authorization on secured cache can fail with NPE bellow, instead of logging SecurityException

      15:14:47,795 ERROR [org.infinispan.server.hotrod.HotRodEncoder] (HotRodServerWorker-9-1) ISPN005022: Exception writing response with messageId=2: java.lang.NullPointerException                                                             
        at org.infinispan.security.impl.CachePrincipalPair.<init>(CachePrincipalPair.java:17)                                                                                                                                                
        at org.infinispan.security.impl.AuthorizationHelper.checkSubjectPermissionAndRole(AuthorizationHelper.java:103)                                                                                                                      
        at org.infinispan.security.impl.AuthorizationHelper.checkPermission(AuthorizationHelper.java:76)                                                                                                                                     
        at org.infinispan.security.impl.AuthorizationManagerImpl.checkPermission(AuthorizationManagerImpl.java:37)

              vjuranek@redhat.com Vojtech Juranek
              vjuranek@redhat.com Vojtech Juranek
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

                Created:
                Updated:
                Resolved: