Uploaded image for project: 'JBoss Enterprise Application Platform'
  1. JBoss Enterprise Application Platform
  2. JBEAP-21852

(7.4.z) ELY-2120 - Avoid an NPE in ServerAuthenticationContext when the peer's IP address is not known

    XMLWordPrintable

    Details

      Description

      ELY-1894 introduced the ability to make use of the IP address of the client that's connecting to the server to determine what roles should be assigned to the client.

      As part of this change, the callback handler in ServerAuthenticationContext was updated to be able to handle the SocketAddressCallback:

      https://github.com/wildfly-security/wildfly-elytron/blob/1.x/auth/server/base/src/main/java/org/wildfly/security/auth/server/ServerAuthenticationContext.java#L1059-L1061

      If the client's IP address cannot be determined for some reason, it's possible that SocketAddressCallback.getAddress() will be null on line 1060. We should update this to avoid an NPE here.

      We should also avoid an NPE in the case that ((InetSocketAddress) socketAddressCallback.getAddress()).getAddress() is null.

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              rhn-support-ivassile Ilia Vassilev
              Reporter:
              rhn-support-ivassile Ilia Vassilev
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved: