Spring Security
  1. Spring Security
  2. SEC-1390

NullPointerException in OpenID4JavaConsumer.endConsumption

    Details

    • Type: Bug Bug
    • Status: Closed
    • Priority: Minor Minor
    • Resolution: Fixed
    • Affects Version/s: 3.0.1
    • Fix Version/s: 3.0.2
    • Component/s: OpenID
    • Labels:
      None

      Description

      Log+Exception
      =====

      INFO YadisResolver - Yadis discovered 0 endpoints from: http://<domain>/openid?id=11001259674714705...
      INFO Discovery - No OpenID service endpoints discovered through Yadis; attempting HTML discovery...
      INFO HttpCache - Cached GET response does not match the required content type, removing.
      INFO HttpCache - Removing cached GET for http://<domain>/openid?id=11001259674714705...
      INFO HttpCache - Removing cached GET response for http://<domain>/openid?id=11001259674714705...
      INFO HtmlResolver - HTML discovery completed on: http://<domain>/openid?id=11001259674714705...
      INFO Discovery - Discovered 0 OpenID endpoints.
      ERROR ConsumerManager - No service element found to match the ClaimedID / OP-endpoint in the assertion.
      ERROR ConsumerManager - Discovered information verification failed.

      java.lang.NullPointerException
      at org.springframework.security.openid.OpenID4JavaConsumer.endConsumption(OpenID4JavaConsumer.java:172)
      at org.springframework.security.openid.OpenIDAuthenticationFilter.attemptAuthentication(OpenIDAuthenticationFilter.java:152)
      at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:199)

      Code
      ====

      call to discovered.getClaimedIdentifier() returns null in the following lines:

      return new OpenIDAuthenticationToken(OpenIDAuthenticationStatus.FAILURE,
      discovered.getClaimedIdentifier().getIdentifier(),
      "Verification status message: [" + verification.getStatusMsg() + "]", attributes);

        Activity

        Hide
        Luke Taylor added a comment -

        Added null check to prevent NPE.

        Show
        Luke Taylor added a comment - Added null check to prevent NPE.

          People

          • Assignee:
            Luke Taylor
            Reporter:
            Pedro Teixeira
          • Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved: