Bug 50855

Summary: NullPointerException thrown in AuthenticatorBase.register method for null principal
Product: Tomcat 6 Reporter: Dorin <dorin.balaban>
Component: CatalinaAssignee: Tomcat Developers Mailing List <dev>
Status: RESOLVED FIXED    
Severity: normal    
Priority: P2    
Version: 6.0.32   
Target Milestone: default   
Hardware: PC   
OS: Windows XP   

Description Dorin 2011-03-02 11:19:27 UTC 
The description is the same as for the older bug 39255, except it is produced at
org.apache.catalina.authenticator.AuthenticatorBase.register(AuthenticatorBase.java:688)

Please, see the following link 
https://issues.apache.org/bugzilla/show_bug.cgi?id=39255

This bug has been fixed for Tomcat 5.5.16, but it looks to appear again in Tomcat 7.

This is the excerpt from AuthenticatorBase.java:
   public void register(Request request, HttpServletResponse response,
                            Principal principal, String authType,
                            String username, String password) {

       if (log.isDebugEnabled())
            log.debug("Authenticated '" + principal.getName() + "' with type '"
                + authType + "'");

It is seen that there is no more condition to verify if principal is null.

Specifically, the NullPointerException is thrown when calling HttpServletRequest.logout method from a JSF managed bean. According to Java EE 6 documentation, the logout method establishes null as the value returned when getUserPrincipal, getRemoteUser, and getAuthType is called on the request. Hence, the exception thrown.
Comment 1 Mark Thomas 2011-03-06 02:39:41 UTC 
Looks like this never got applied to 6.0.x (or 7.0.x)

I have fixed 7.0.x (will be in 7.0.11 onwards) and proposed the fix for 6.0.x
Comment 2 Mark Thomas 2011-03-10 09:03:16 UTC 
This has been fixed in trunk and will be included in 6.0.33 onwards.