Bug 62142 - NullPointerException in Request.logout()
Summary: NullPointerException in Request.logout()
Status: RESOLVED DUPLICATE of bug 62104
Alias: None
Product: Tomcat 8
Classification: Unclassified
Component: Catalina (show other bugs)
Version: 8.5.28
Hardware: PC All
: P2 normal (vote)
Target Milestone: ----
Assignee: Tomcat Developers Mailing List
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2018-02-27 21:38 UTC by Matt Jensen
Modified: 2018-02-27 21:47 UTC (History)
0 users



Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Matt Jensen 2018-02-27 21:38:53 UTC
I'm not sure yet whether I have some type of misconfiguration which triggers this error, but I'm pretty confident that this is a bug in the Tomcat code either way.

Line 2767 in org.apache.catalina.connector.Request.logout() throws a NullPointerException when Context.getAuthenticator() returns is null. I believe that this is inappropriate, a null check should be performed, per the Javadoc for org.apache.catalina.Context.getAuthenticator():

    /**
     * @return the {@link Authenticator} that is used by this context or
     * <code>null</code> if none is used.
     */

If null is a valid return value per the API contract, then any calling code should probably do a null check rather than throwing an NPE. There are null checks elsewhere in org.apache.catalina.connector.Request, they simply throw new ServletException("no authenticator").
Comment 1 Mark Thomas 2018-02-27 21:47:18 UTC
Different error, but same root cause.

We probably need to clean-up the code now an Authenticator is always present but that is a separate issue.

*** This bug has been marked as a duplicate of bug 62104 ***