Bug 50855

Summary: NullPointerException thrown in AuthenticatorBase.register method for null principal
Product: Tomcat 6 Reporter: Dorin <dorin.balaban>
Component: CatalinaAssignee: Tomcat Developers Mailing List <dev>
Severity: normal    
Priority: P2    
Version: 6.0.32   
Target Milestone: default   
Hardware: PC   
OS: Windows XP   

Description Dorin 2011-03-02 11:19:27 UTC
The description is the same as for the older bug 39255, except it is produced at

Please, see the following link 

This bug has been fixed for Tomcat 5.5.16, but it looks to appear again in Tomcat 7.

This is the excerpt from AuthenticatorBase.java:
   public void register(Request request, HttpServletResponse response,
                            Principal principal, String authType,
                            String username, String password) {

       if (log.isDebugEnabled())
            log.debug("Authenticated '" + principal.getName() + "' with type '"
                + authType + "'");

It is seen that there is no more condition to verify if principal is null.

Specifically, the NullPointerException is thrown when calling HttpServletRequest.logout method from a JSF managed bean. According to Java EE 6 documentation, the logout method establishes null as the value returned when getUserPrincipal, getRemoteUser, and getAuthType is called on the request. Hence, the exception thrown.
Comment 1 Mark Thomas 2011-03-06 02:39:41 UTC
Looks like this never got applied to 6.0.x (or 7.0.x)

I have fixed 7.0.x (will be in 7.0.11 onwards) and proposed the fix for 6.0.x
Comment 2 Mark Thomas 2011-03-10 09:03:16 UTC
This has been fixed in trunk and will be included in 6.0.33 onwards.