Uploaded image for project: 'Shiro'
  1. Shiro
  2. SHIRO-661

Add check for the principal of subject whether is null

    XMLWordPrintableJSON

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 1.5.0
    • Component/s: Web
    • Labels:
      None

      Description

      When session is based on servlet container(such as tomcat),if the subject is authenticated,the session will contains AUTHENTICATED_SESSION_KEY and PRINCIPALS_SESSION_KEY
      When servlet container closed, it may will be persist session.
      But if the principal can not be serializable, it will not be persisted; when server restart, session will only contains AUTHENTICATED_SESSION_KEY info ,the PRINCIPALS_SESSION_KEY will be lost,
      it means the subject is authenticated, but the subject does not has principal. If the user code is

      User u = subject.getPrincipal(); 
      // because the u if null, it will be npe 
      u.getName();

       

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                fpapon Francois Papon
                Reporter:
                fpapon Francois Papon
              • Votes:
                0 Vote for this issue
                Watchers:
                1 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved:

                  Time Tracking

                  Estimated:
                  Original Estimate - Not Specified
                  Not Specified
                  Remaining:
                  Remaining Estimate - 0h
                  0h
                  Logged:
                  Time Spent - 1h 20m
                  1h 20m