Skip to content

TokenBasedRememberMeServices.processAutoLoginCookie (TokenBasedRememberMeServices.java:134) java.lang.NullPointerException #7251

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
codeconsole opened this issue Aug 11, 2019 · 1 comment
Closed

TokenBasedRememberMeServices.processAutoLoginCookie (TokenBasedRememberMeServices.java:134) java.lang.NullPointerException #7251

codeconsole opened this issue Aug 11, 2019 · 1 comment
Assignees
@eleftherias
Labels
in: web An issue in web modules (web, webmvc) type: enhancement A general enhancement
Milestone
5.2.0.RC1

Comments

@codeconsole
Copy link
Contributor

TokenBasedRememberMeServices assumes user exists when it could not for various reasons:

  1. The user could have been deleted (Most likely)
  2. The cookie could be invalid

https://github.com/spring-projects/spring-security/blob/master/web/src/main/java/org/springframework/security/web/authentication/rememberme/TokenBasedRememberMeServices.java#L123-L124

There is no check and such an exception is not handled gracefully.
At the very least, it should throw a InvalidCookieException
@spring-projects-issues spring-projects-issues added the status: waiting-for-triage An issue we've not yet triaged label Aug 11, 2019
codeconsole added a commit to codeconsole/spring-security that referenced this issue Aug 11, 2019
@codeconsole
Check that userdetails for username exists. spring-projects#7251
bfc6bb9
codeconsole added a commit to codeconsole/spring-security that referenced this issue Aug 11, 2019
@codeconsole
Check that userdetails for username exists. spring-projects#7251
269785f
@codeconsole codeconsole mentioned this issue Aug 11, 2019
Closed
@eleftherias eleftherias self-assigned this Aug 13, 2019
@eleftherias eleftherias added in: web An issue in web modules (web, webmvc) type: enhancement A general enhancement and removed status: waiting-for-triage An issue we've not yet triaged labels Aug 13, 2019
eleftherias pushed a commit that referenced this issue Sep 3, 2019
@codeconsole @eleftherias
Check that userdetails for username exists. #7251
26ae590
@eleftherias
Copy link
Contributor

Closed via commit 26ae590

@eleftherias eleftherias added this to the 5.2.0.RC1 milestone Sep 3, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@eleftherias eleftherias

Labels
in: web An issue in web modules (web, webmvc) type: enhancement A general enhancement
Projects
None yet
Milestone
5.2.0.RC1
Development

Successfully merging a pull request may close this issue.

Fix NPE in TokenBasedRememberMeServices with null UserDetails codeconsole/spring-security
3 participants
@codeconsole @eleftherias @spring-projects-issues