glassfish
  1. glassfish
  2. GLASSFISH-20499

Potential IllegalStateException in form based login

    Details

    • Type: Bug Bug
    • Status: Resolved
    • Priority: Major Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 4.0_b89_RC5
    • Component/s: web_container
    • Labels:
      None

      Description

      In FormAuthenticator#forwardToLoginPage, it has the following:

              if (isChangeSessionIdOnAuthentication()) {
                  request.changeSessionId();
              }
      

      This is a potential IllegalStateException here as session may be null.

        Activity

        Hide
        Shing Wai Chan added a comment -

        port fix to 4.0 branch
        Sending src/main/java/org/apache/catalina/authenticator/FormAuthenticator.java
        Transmitting file data .
        Committed revision 61946.

        Show
        Shing Wai Chan added a comment - port fix to 4.0 branch Sending src/main/java/org/apache/catalina/authenticator/FormAuthenticator.java Transmitting file data . Committed revision 61946.
        Hide
        Shing Wai Chan added a comment -
        • What is the impact on the customer of the bug?
          a possible IllegalStateException when there is no session created for a form based login application
        • What is the cost/risk of fixing the bug?
          low. One line fix
        • Is there an impact on documentation or message strings?
          No.
        • Which tests should QA (re)run to verify the fix did not destabilize GlassFish?
          SQE web tests
        • Which is the targeted build of 4.0 for this fix?
          4.0_b89
        • If this an integration of a new version of a component from another project,
          what are the changes that are being brought in? This might be list of
          Jira issues from that project or a list of revision messages.
          N/A
        Show
        Shing Wai Chan added a comment - What is the impact on the customer of the bug? a possible IllegalStateException when there is no session created for a form based login application What is the cost/risk of fixing the bug? low. One line fix Is there an impact on documentation or message strings? No. Which tests should QA (re)run to verify the fix did not destabilize GlassFish? SQE web tests Which is the targeted build of 4.0 for this fix? 4.0_b89 If this an integration of a new version of a component from another project, what are the changes that are being brought in? This might be list of Jira issues from that project or a list of revision messages. N/A
        Hide
        Shing Wai Chan added a comment -

        fix in trunk
        Sending web-core/src/main/java/org/apache/catalina/authenticator/FormAuthenticator.java
        Transmitting file data .
        Committed revision 61945.

        Show
        Shing Wai Chan added a comment - fix in trunk Sending web-core/src/main/java/org/apache/catalina/authenticator/FormAuthenticator.java Transmitting file data . Committed revision 61945.

          People

          • Assignee:
            Shing Wai Chan
            Reporter:
            Shing Wai Chan
          • Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved: