Uploaded image for project: 'WildFly Elytron'
  1. WildFly Elytron
  2. ELY-2120

Avoid an NPE in ServerAuthenticationContext when the peer's IP address is not known

    XMLWordPrintable

Details

    Description

      ELY-1894 introduced the ability to make use of the IP address of the client that's connecting to the server to determine what roles should be assigned to the client.

      As part of this change, the callback handler in ServerAuthenticationContext was updated to be able to handle the SocketAddressCallback:

      https://github.com/wildfly-security/wildfly-elytron/blob/1.x/auth/server/base/src/main/java/org/wildfly/security/auth/server/ServerAuthenticationContext.java#L1059-L1061

      If the client's IP address cannot be determined for some reason, it's possible that SocketAddressCallback.getAddress() will be null on line 1060. We should update this to avoid an NPE here.

      We should also avoid an NPE in the case that ((InetSocketAddress) socketAddressCallback.getAddress()).getAddress() is null.
       

      Attachments

        Issue Links

          is cloned by

          Bug - A problem that impairs or prevents the functions of the product. JBEAP-21852 (7.4.z) ELY-2120 - Avoid an NPE in ServerAuthenticationContext when the peer's IP address is not known

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Verified

          Activity

            People

              rchakrab Ranabir Chakraborty
              fjuma1@redhat.com Farah Juma
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: