Pascal Riquier created an issue |
BruteForceListener should skip doing its work if username in authentication is null |
Issue Type: |
Bug |
---|---|
Assignee: |
Unassigned |
Created: |
18/Jun/19 1:21 PM |
Priority: |
Medium |
Reporter: |
// Yes, enabled, check for concurrent login attempt { LOGGER.warning( "Brute force attack prevention enabled, but Spring Authentication " + "does not provide a user name, skipping: " + authentication); } // do we have a delayed login in flight already? If so, kill this login attempt If the username is null, the log message says to skip doing anything for this authentication, but the BruteForceListener goes on anyway, resulting in a NullPointerException thrown from the attempt to look up the username in the ‘delayedUsers’ ConcurrentHashMap. |
Get Jira notifications on your phone! Download the Jira Cloud app for Android or iOS |
|
This message was sent by Atlassian Jira (v1001.0.0-SNAPSHOT#100104-sha1:ce3e8e1) |