[GLASSFISH-20499] Potential IllegalStateException in form based login Created: 10/May/13  Updated: 10/May/13  Resolved: 10/May/13

Status: Resolved
Project: glassfish
Component/s: web_container
Affects Version/s: None
Fix Version/s: 4.0_b89_RC5

Type: Bug Priority: Major
Reporter: Shing Wai Chan Assignee: Shing Wai Chan
Resolution: Fixed Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Tags: 4_0-approved


In FormAuthenticator#forwardToLoginPage, it has the following:

        if (isChangeSessionIdOnAuthentication()) {

This is a potential IllegalStateException here as session may be null.

Comment by Shing Wai Chan [ 10/May/13 ]

fix in trunk
Sending web-core/src/main/java/org/apache/catalina/authenticator/FormAuthenticator.java
Transmitting file data .
Committed revision 61945.

Comment by Shing Wai Chan [ 10/May/13 ]
  • What is the impact on the customer of the bug?
    a possible IllegalStateException when there is no session created for a form based login application
  • What is the cost/risk of fixing the bug?
    low. One line fix
  • Is there an impact on documentation or message strings?
  • Which tests should QA (re)run to verify the fix did not destabilize GlassFish?
    SQE web tests
  • Which is the targeted build of 4.0 for this fix?
  • If this an integration of a new version of a component from another project,
    what are the changes that are being brought in? This might be list of
    Jira issues from that project or a list of revision messages.
Comment by Shing Wai Chan [ 10/May/13 ]

port fix to 4.0 branch
Sending src/main/java/org/apache/catalina/authenticator/FormAuthenticator.java
Transmitting file data .
Committed revision 61946.

Generated at Fri Oct 09 04:01:58 UTC 2015 using JIRA 6.2.3#6260-sha1:63ef1d6dac3f4f4d7db4c1effd405ba38ccdc558.