SEC-252: Stop NPE if principal object is null.

2006-04-26 03:00:14 +00:00 · 2006-04-26 03:00:14 +00:00 · de4af379cc
parent fba45cb19e
commit de4af379cc
1 changed files with 8 additions and 6 deletions
--- a/core/src/main/java/org/acegisecurity/providers/AbstractAuthenticationToken.java
+++ b/core/src/main/java/org/acegisecurity/providers/AbstractAuthenticationToken.java
@ -141,7 +141,8 @@ public abstract class AbstractAuthenticationToken implements Authentication {
            return ((UserDetails) this.getPrincipal()).getUsername();
        }

-        return this.getPrincipal().toString();
+        return (this.getPrincipal() == null) ? "" : this.getPrincipal()
+                                                        .toString();
    }

    public int hashCode() {
@ -149,6 +150,7 @@ public abstract class AbstractAuthenticationToken implements Authentication {

        // Copy authorities to local variable for performance (SEC-223)
        GrantedAuthority[] authorities = this.getAuthorities();
+
        if (authorities != null) {
            for (int i = 0; i < authorities.length; i++) {
                code ^= authorities[i].hashCode();