56246 – NPE in MemoryRealm when authenticating unknown user

Bug 56246 - NPE in MemoryRealm when authenticating unknown user

Summary: NPE in MemoryRealm when authenticating unknown user

Status:	RESOLVED FIXED

Alias:	None

Product:	Tomcat 7
Classification:	Unclassified
Component:	Catalina (show other bugs)
Version:	7.0.52
Hardware:	PC All

Importance:	P2 normal (vote)
Target Milestone:	---
Assignee:	Tomcat Developers Mailing List

URL:
Keywords:

Depends on:
Blocks:

Reported:	2014-03-11 13:46 UTC by mail
Modified:	2014-03-12 14:53 UTC (History)
CC List:	0 users

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description mail 2014-03-11 13:46:44 UTC

When using the embedded tomcat with a MemoryRealm for basic authentication, a request containing an unknown username leads to a NullPointerException.

java.lang.NullPointerException
org.apache.catalina.realm.MemoryRealm.authenticate(MemoryRealm.java:143)	org.apache.catalina.authenticator.BasicAuthenticator.authenticate(BasicAuthenticator.java:164)
....

MemoryRealm.authenticate get the principal via principals.get(username).
If the user is not known, he result is null.

Comment 1 Mark Thomas 2014-03-12 14:53:48 UTC

Thanks for the report. This has been fixed in trunk for 8.0.4 and in 7.0.x for 7.0.53 onwards.