Feb 10th, 2007, 03:45 PM
Acegi 1.0.3: Should UsernamePasswordAuthenticationToken accept null parameters?
The reason I ask is because this results in a NullPointerException in "DaoAuthenticationProvider.additionalAuthenticationChecks()" on line 60, when I pass a valid username, and a null password.
Version info: Acegi 1.0.3, Spring 2.0, using an InMemoryDaoImpl and a programmatic authentication.
The null pointer is caused when the DaoAuthenticationProvider gets the credentials from the authentication object, and then runs a .toString() on it.
Here's a code snippet:
AuthenticationManager authManager = (AuthenticationManager)applicationContext.getBean("authenticationManager");
UsernamePasswordAuthenticationToken authenticationToken = new UsernamePasswordAuthenticationToken("validUsername", null);
authManager.authenticate(authenticationToken); // null pointer exception
If anyone would like more details, or complete test code, let me know.
Feb 11th, 2007, 02:52 PM
It would be worth checking JIRA to see if this has already been entered. Although it shouldn't happen it would be good to check it. AuthenticationProcessingFilter actually checks for a null and sets it to empty String.
Feb 11th, 2007, 10:13 PM
I did not find an existing issue so I have created a new one: http://opensource.atlassian.com/proj...browse/SEC-434
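Added example (not part of the thread and not Acegi's own code): a wrapper for programmatic logins that applies the null-to-empty-string normalisation the second post attributes to AuthenticationProcessingFilter, so a missing password is rejected as an ordinary authentication failure instead of reaching the provider as null. The class name NullSafeLogin and its login method are hypothetical; it assumes the Acegi 1.0.x jar is on the classpath.

```java
import org.acegisecurity.Authentication;
import org.acegisecurity.AuthenticationException;
import org.acegisecurity.AuthenticationManager;
import org.acegisecurity.context.SecurityContextHolder;
import org.acegisecurity.providers.UsernamePasswordAuthenticationToken;

/** Hypothetical helper for programmatic logins; not part of Acegi. */
public final class NullSafeLogin {

    private final AuthenticationManager authManager;

    public NullSafeLogin(AuthenticationManager authManager) {
        if (authManager == null) {
            throw new IllegalArgumentException("authManager is required");
        }
        this.authManager = authManager;
    }

    /** Returns true and populates the security context only on success. */
    public boolean login(String username, String password) {
        // null becomes "" before the token is built, so the provider
        // never calls toString() on a null credential.
        String principal = (username == null) ? "" : username;
        String credentials = (password == null) ? "" : password;

        try {
            Authentication result = authManager.authenticate(
                    new UsernamePasswordAuthenticationToken(principal, credentials));
            SecurityContextHolder.getContext().setAuthentication(result);
            return true;
        } catch (AuthenticationException rejected) {
            // Normal rejection path (bad, empty or missing credentials).
            SecurityContextHolder.clearContext();
            return false;
        } catch (RuntimeException unexpected) {
            // Fail closed: an unexpected error in the provider chain must
            // not leave an earlier identity in the context.
            SecurityContextHolder.clearContext();
            throw unexpected;
        }
    }
}
```

Callers get a boolean for expected rejections, while unexpected runtime errors still propagate after the context has been cleared.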