Uploaded image for project: 'JBoss Enterprise Application Platform'
  1. JBoss Enterprise Application Platform
  2. JBEAP-21852

(7.4.z) ELY-2120 - Avoid an NPE in ServerAuthenticationContext when the peer's IP address is not known

XMLWordPrintable

      ELY-1894 introduced the ability to make use of the IP address of the client that's connecting to the server to determine what roles should be assigned to the client.

      As part of this change, the callback handler in ServerAuthenticationContext was updated to be able to handle the SocketAddressCallback:

      https://github.com/wildfly-security/wildfly-elytron/blob/1.x/auth/server/base/src/main/java/org/wildfly/security/auth/server/ServerAuthenticationContext.java#L1059-L1061

      If the client's IP address cannot be determined for some reason, it's possible that SocketAddressCallback.getAddress() will be null on line 1060. We should update this to avoid an NPE here.

      We should also avoid an NPE in the case that ((InetSocketAddress) socketAddressCallback.getAddress()).getAddress() is null.

              rhn-support-ivassile Ilia Vassilev
              rhn-support-ivassile Ilia Vassilev
              Votes:
              0 Vote for this issue
              Watchers:
              5 Start watching this issue

                Created:
                Updated:
                Resolved: