Bug 50855 - NullPointerException thrown in AuthenticatorBase.register method for null principal
NullPointerException thrown in AuthenticatorBase.register method for null pri...
Product: Tomcat 6
Classification: Unclassified
Component: Catalina
PC Windows XP
: P2 normal (vote)
: default
Assigned To: Tomcat Developers Mailing List
Depends on:
  Show dependency tree
Reported: 2011-03-02 11:19 UTC by Dorin
Modified: 2011-03-10 09:03 UTC (History)
0 users


Note You need to log in before you can comment on or make changes to this bug.
Description Dorin 2011-03-02 11:19:27 UTC
The description is the same as for the older bug 39255, except it is produced at

Please, see the following link 

This bug has been fixed for Tomcat 5.5.16, but it looks to appear again in Tomcat 7.

This is the excerpt from AuthenticatorBase.java:
   public void register(Request request, HttpServletResponse response,
                            Principal principal, String authType,
                            String username, String password) {

       if (log.isDebugEnabled())
            log.debug("Authenticated '" + principal.getName() + "' with type '"
                + authType + "'");

It is seen that there is no more condition to verify if principal is null.

Specifically, the NullPointerException is thrown when calling HttpServletRequest.logout method from a JSF managed bean. According to Java EE 6 documentation, the logout method establishes null as the value returned when getUserPrincipal, getRemoteUser, and getAuthType is called on the request. Hence, the exception thrown.
Comment 1 Mark Thomas 2011-03-06 02:39:41 UTC
Looks like this never got applied to 6.0.x (or 7.0.x)

I have fixed 7.0.x (will be in 7.0.11 onwards) and proposed the fix for 6.0.x
Comment 2 Mark Thomas 2011-03-10 09:03:16 UTC
This has been fixed in trunk and will be included in 6.0.33 onwards.