java.lang.NullPointerException

There are no available Samebug tips for this exception. Do you have an idea how to solve this issue? A short tip would help users who saw this issue last week.

  • spring-web-3.0.6.RELEASE fixed an issue with double encoding by allowing users to use the web.xml to disable double encoding. This logic was introduced into ExpressionEvaluationUtils.isSpringJspExpressionSupportActive which requires the PageContext to be a non null value. Since AuthzImpl internally uses the LegacyAuthorizeTag and does not inject the PageContext, it fails with a NullPointerException as show below. Note that this issue should have been caught with the current tests, but some of the tests in 3.0.x have not been ran. See SEC-1881 {code} spring-security-taglibs-TRUNK org.springframework.security.taglibs.velocity.AuthzImplAuthorizeTagTest testAlwaysReturnsUnauthorizedIfNoUserFound(org.springframework.security.taglibs.velocity.AuthzImplAuthorizeTagTest) java.lang.NullPointerException at org.springframework.web.util.ExpressionEvaluationUtils.isSpringJspExpressionSupportActive(ExpressionEvaluationUtils.java:73) at org.springframework.web.util.ExpressionEvaluationUtils.evaluateString(ExpressionEvaluationUtils.java:148) at org.springframework.security.taglibs.authz.LegacyAuthorizeTag.doStartTag(LegacyAuthorizeTag.java:74) at org.springframework.security.taglibs.velocity.AuthzImpl.ifGranted(AuthzImpl.java:103) at org.springframework.security.taglibs.velocity.AuthzImpl.allGranted(AuthzImpl.java:45) at org.springframework.security.taglibs.velocity.AuthzImplAuthorizeTagTest.testAlwaysReturnsUnauthorizedIfNoUserFound(AuthzImplAuthorizeTagTest.java:58) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) at java.lang.reflect.Method.invoke(Method.java:592) at junit.framework.TestCase.runTest(TestCase.java:168) at junit.framework.TestCase.runBare(TestCase.java:134) at junit.framework.TestResult$1.protect(TestResult.java:110) at junit.framework.TestResult.runProtected(TestResult.java:128) at junit.framework.TestResult.run(TestResult.java:113) at junit.framework.TestCase.run(TestCase.java:124) at junit.framework.TestSuite.runTest(TestSuite.java:232) at junit.framework.TestSuite.run(TestSuite.java:227) at org.junit.internal.runners.JUnit38ClassRunner.run(JUnit38ClassRunner.java:91) at org.eclipse.jdt.internal.junit4.runner.JUnit4TestReference.run(JUnit4TestReference.java:50) at org.eclipse.jdt.internal.junit.runner.TestExecution.run(TestExecution.java:38) at org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.runTests(RemoteTestRunner.java:467) at org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.runTests(RemoteTestRunner.java:683) at org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.run(RemoteTestRunner.java:390) at org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.main(RemoteTestRunner.java:197) {code}
    via by Rob Winch,
  • spring-web-3.0.6.RELEASE fixed an issue with double encoding by allowing users to use the web.xml to disable double encoding. This logic was introduced into ExpressionEvaluationUtils.isSpringJspExpressionSupportActive which requires the PageContext to be a non null value. Since AuthzImpl internally uses the LegacyAuthorizeTag and does not inject the PageContext, it fails with a NullPointerException as show below. Note that this issue should have been caught with the current tests, but some of the tests in 3.0.x have not been ran. See SEC-1881 {code} spring-security-taglibs-TRUNK org.springframework.security.taglibs.velocity.AuthzImplAuthorizeTagTest testAlwaysReturnsUnauthorizedIfNoUserFound(org.springframework.security.taglibs.velocity.AuthzImplAuthorizeTagTest) java.lang.NullPointerException at org.springframework.web.util.ExpressionEvaluationUtils.isSpringJspExpressionSupportActive(ExpressionEvaluationUtils.java:73) at org.springframework.web.util.ExpressionEvaluationUtils.evaluateString(ExpressionEvaluationUtils.java:148) at org.springframework.security.taglibs.authz.LegacyAuthorizeTag.doStartTag(LegacyAuthorizeTag.java:74) at org.springframework.security.taglibs.velocity.AuthzImpl.ifGranted(AuthzImpl.java:103) at org.springframework.security.taglibs.velocity.AuthzImpl.allGranted(AuthzImpl.java:45) at org.springframework.security.taglibs.velocity.AuthzImplAuthorizeTagTest.testAlwaysReturnsUnauthorizedIfNoUserFound(AuthzImplAuthorizeTagTest.java:58) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) at java.lang.reflect.Method.invoke(Method.java:592) at junit.framework.TestCase.runTest(TestCase.java:168) at junit.framework.TestCase.runBare(TestCase.java:134) at junit.framework.TestResult$1.protect(TestResult.java:110) at junit.framework.TestResult.runProtected(TestResult.java:128) at junit.framework.TestResult.run(TestResult.java:113) at junit.framework.TestCase.run(TestCase.java:124) at junit.framework.TestSuite.runTest(TestSuite.java:232) at junit.framework.TestSuite.run(TestSuite.java:227) at org.junit.internal.runners.JUnit38ClassRunner.run(JUnit38ClassRunner.java:91) at org.eclipse.jdt.internal.junit4.runner.JUnit4TestReference.run(JUnit4TestReference.java:50) at org.eclipse.jdt.internal.junit.runner.TestExecution.run(TestExecution.java:38) at org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.runTests(RemoteTestRunner.java:467) at org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.runTests(RemoteTestRunner.java:683) at org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.run(RemoteTestRunner.java:390) at org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.main(RemoteTestRunner.java:197) {code}
    via by Rob Winch,
    • java.lang.NullPointerException at org.springframework.web.util.ExpressionEvaluationUtils.isSpringJspExpressionSupportActive(ExpressionEvaluationUtils.java:73) at org.springframework.web.util.ExpressionEvaluationUtils.evaluateString(ExpressionEvaluationUtils.java:148) at org.springframework.security.taglibs.authz.LegacyAuthorizeTag.doStartTag(LegacyAuthorizeTag.java:74) at org.springframework.security.taglibs.velocity.AuthzImpl.ifGranted(AuthzImpl.java:103) at org.springframework.security.taglibs.velocity.AuthzImpl.allGranted(AuthzImpl.java:45) at org.springframework.security.taglibs.velocity.AuthzImplAuthorizeTagTest.testAlwaysReturnsUnauthorizedIfNoUserFound(AuthzImplAuthorizeTagTest.java:58) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) at java.lang.reflect.Method.invoke(Method.java:592) at junit.framework.TestCase.runTest(TestCase.java:168) at junit.framework.TestCase.runBare(TestCase.java:134) at junit.framework.TestResult$1.protect(TestResult.java:110) at junit.framework.TestResult.runProtected(TestResult.java:128) at junit.framework.TestResult.run(TestResult.java:113) at junit.framework.TestCase.run(TestCase.java:124) at junit.framework.TestSuite.runTest(TestSuite.java:232) at junit.framework.TestSuite.run(TestSuite.java:227) at org.junit.internal.runners.JUnit38ClassRunner.run(JUnit38ClassRunner.java:91) at org.eclipse.jdt.internal.junit4.runner.JUnit4TestReference.run(JUnit4TestReference.java:50) at org.eclipse.jdt.internal.junit.runner.TestExecution.run(TestExecution.java:38) at org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.runTests(RemoteTestRunner.java:467) at org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.runTests(RemoteTestRunner.java:683) at org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.run(RemoteTestRunner.java:390) at org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.main(RemoteTestRunner.java:197)
    No Bugmate found.