In org.apache.catalina.authenticator.AuthenticatorBase.register (AuthenticatorBase.java:706) a DEBUG log causes a NullPointerException to be thrown if the principal object passed to the method is null, for example when a previously logged in principal is being logged out. protected void register(Request request, Response response, Principal principal, String authType, String username, String password) { if (log.isDebugEnabled()) log.debug("Authenticated '" + principal.getName() + "' with type '" + authType + "'"); The acces principal.getName() when principal is null causes an exception. Note that is DEBUG traces are not enabled, the processing continues as expected.
Mmm, I wish I saw this before cutting 5.5.17 just now. Will do for the following release.
Jees, I let this one slip a long time, didn't I? Sorry about that, and thanks again for reporting the bug originally. The fix has been committed to SVN.