[WW-5194] UIBean.evaluateParams() throws an IllegalStateException when getting the nonce out of a session that has been invalidated. - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Closed
Priority: Minor
Resolution: Not A Problem
Affects Version/s: 6.0.0
Fix Version/s: 6.0.3
Component/s: Core
Labels:
- UIBean

Description

Summary

UIBean.evaluateParams() grabs the nonce out of the session without first checking that it exists, causing an IllegalStateException to be thrown if the session has been invalidated. This breaks our use case where we invalidate a session, but still want to use ActionError to convey information to the user. It doesn't appear that this change relates to removing double evaluations, so I would consider this a regression.

Triage

This was introduced when refactoring to fix double evaluations:

Object nonceValue = session != null ? session.get("nonce") : null;
if (nonceValue != null){ 
    addParameter("nonce", nonceValue.toString()); 
}

The previous previous revision first checks that the key exists before attempting to pull it out:

if (session.containsKey("nonce")) {               
   String nonceValue = session.get("nonce").toString();
   addParameter("nonce", nonceValue);           
}

Attachments

Activity

People

Assignee:: Yasser Zamani

Reporter:: Joseph Wolschon

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 17/Jun/22 19:53

Updated:: 12/Feb/23 14:44

Resolved:: 24/Jun/22 09:05