62142 – NullPointerException in Request.logout()

Bug 62142 - NullPointerException in Request.logout()

Summary: NullPointerException in Request.logout()

Status:	RESOLVED DUPLICATE of bug 62104

Alias:	None

Product:	Tomcat 8
Classification:	Unclassified
Component:	Catalina (show other bugs)
Version:	8.5.28
Hardware:	PC All

Importance:	P2 normal (vote)
Target Milestone:	----
Assignee:	Tomcat Developers Mailing List

URL:
Keywords:

Depends on:
Blocks:

Reported:	2018-02-27 21:38 UTC by Matt Jensen
Modified:	2018-02-27 21:47 UTC (History)
CC List:	0 users

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Matt Jensen 2018-02-27 21:38:53 UTC

I'm not sure yet whether I have some type of misconfiguration which triggers this error, but I'm pretty confident that this is a bug in the Tomcat code either way.

Line 2767 in org.apache.catalina.connector.Request.logout() throws a NullPointerException when Context.getAuthenticator() returns is null. I believe that this is inappropriate, a null check should be performed, per the Javadoc for org.apache.catalina.Context.getAuthenticator():

    /**
     * @return the {@link Authenticator} that is used by this context or
     * <code>null</code> if none is used.
     */

If null is a valid return value per the API contract, then any calling code should probably do a null check rather than throwing an NPE. There are null checks elsewhere in org.apache.catalina.connector.Request, they simply throw new ServletException("no authenticator").

Comment 1 Mark Thomas 2018-02-27 21:47:18 UTC

Different error, but same root cause.

We probably need to clean-up the code now an Authenticator is always present but that is a separate issue.

*** This bug has been marked as a duplicate of bug 62104 ***