https://bz.apache.org/bugzilla/show_bug.cgi?id=61784
Bug ID: 61784
Summary: NPE if AuthConfigFactoryImpl.registerConfigProvider()
is called with null provider name parameter
Product: Tomcat 8
Version: 8.5.23
Hardware: PC
Status: NEW
Severity: normal
Priority: P2
Component: Catalina
Assignee: dev@tomcat.apache.org
Reporter: lazar.kirc...@gmail.com
Target Milestone: ----
When AuthConfigFactoryImpl.doRegisterConfigProvider() tries to load the class
of the provider it does not check for null. However, according to the javadoc
in the jaspic specification null could be passed as provider name.
Therefore a check for null is necessary in this place. And if it is null,
according to the spec the registration ID should be returned, but subsequent
calls to getConfigProvider() should return null.
The only thing which shoud be added to the current implementation in order to
support this behavior is in case of null provider class name, only to return
the registration ID without modifying the provider registration structures
or the persistent storage.
In this way it will actually return a non-existing registration ID, but if
getConfigProvider() is called with non-existing registration ID it returns
null, so it behaves according to the spec.
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
