Uploaded image for project: 'Shiro'
  1. Shiro
  2. SHIRO-661

Add check for the principal of subject whether is null

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Resolved
    • Major
    • Resolution: Fixed
    • None
    • 1.5.0
    • Web
    • None

    Description

      When session is based on servlet container(such as tomcat),if the subject is authenticated,the session will contains AUTHENTICATED_SESSION_KEY and PRINCIPALS_SESSION_KEY
      When servlet container closed, it may will be persist session.
      But if the principal can not be serializable, it will not be persisted; when server restart, session will only contains AUTHENTICATED_SESSION_KEY info ,the PRINCIPALS_SESSION_KEY will be lost,
      it means the subject is authenticated, but the subject does not has principal. If the user code is

      User u = subject.getPrincipal(); 
// because the u if null, it will be npe 
u.getName();

       

      Attachments

        Issue Links

          links to

          Web Link GitHub Pull Request #90

          Activity

            People

              fpapon Francois Papon
              fpapon Francois Papon
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Time Tracking

                  Estimated:
                  Original Estimate - Not Specified
                  Not Specified
                  Remaining:
                  Remaining Estimate - 0h
                  0h
                  Logged:
                  Time Spent - 1h 20m
                  1h 20m