Handle possible NPE bug in some jkd versions.

- Check if GSSContext initiator is null, which it should not be, and throw BadCredentialsException instead of NPE.
fries · Apr 22, 2015 · f046bd7 · f046bd7
1 parent 9a6165d
commit f046bd7
Showing 1 changed file with 6 additions and 2 deletions.
diff --git a/.../springframework/security/kerberos/authentication/sun/SunJaasKerberosTicketValidator.java b/.../springframework/security/kerberos/authentication/sun/SunJaasKerberosTicketValidator.java
@@ -33,6 +33,7 @@
 import org.ietf.jgss.GSSContext;
 import org.ietf.jgss.GSSCredential;
 import org.ietf.jgss.GSSManager;
+import org.ietf.jgss.GSSName;
 import org.springframework.beans.factory.InitializingBean;
 import org.springframework.core.io.ClassPathResource;
 import org.springframework.core.io.Resource;
@@ -159,11 +160,14 @@ public KerberosValidateAction(byte[] kerberosTicket) {
         public KerberosTicketValidation run() throws Exception {
 			GSSContext context = GSSManager.getInstance().createContext((GSSCredential) null);
 			byte[] responseToken = context.acceptSecContext(kerberosTicket, 0, kerberosTicket.length);
-			String user = context.getSrcName().toString();
+			GSSName gssName = context.getSrcName();
+			if (gssName == null) {
+				throw new BadCredentialsException("GSSContext name of the context initiator is null");
+			}
 			if (!holdOnToGSSContext) {
 				context.dispose();
 			}
-			return new KerberosTicketValidation(user, servicePrincipal, responseToken, context);
+			return new KerberosTicketValidation(gssName.toString(), servicePrincipal, responseToken, context);
         }
     }