Bug 56246

Summary: NPE in MemoryRealm when authenticating unknown user
Product: Tomcat 7 Reporter: mail
Component: CatalinaAssignee: Tomcat Developers Mailing List <dev>
Status: RESOLVED FIXED    
Severity: normal    
Priority: P2    
Version: 7.0.52   
Target Milestone: ---   
Hardware: PC   
OS: All   

Description mail 2014-03-11 13:46:44 UTC
When using the embedded tomcat with a MemoryRealm for basic authentication, a request containing an unknown username leads to a NullPointerException.

java.lang.NullPointerException
org.apache.catalina.realm.MemoryRealm.authenticate(MemoryRealm.java:143)	org.apache.catalina.authenticator.BasicAuthenticator.authenticate(BasicAuthenticator.java:164)
....

MemoryRealm.authenticate get the principal via principals.get(username).
If the user is not known, he result is null.
Comment 1 Mark Thomas 2014-03-12 14:53:48 UTC
Thanks for the report. This has been fixed in trunk for 8.0.4 and in 7.0.x for 7.0.53 onwards.