Fix NPE in HttpAuthFilter.getRemoteUser()

HttpAuthFilter.getRemoteUser() was updated to honor the userNameToLowerCase setting with the change in If4398bc9. However, remoteUser as returned by RemoteUserUtil.getRemoteUser() can be null, so we should additionally guard against null values before performing the toLowerCase() conversion. Change-Id: I0f3265976824231b9e15fc55dd35d012db4f33bb
2016-04-29 10:31:24 -05:00 · 2016-04-29 10:31:24 -05:00 · eb44c0e18b
parent e2f4c2f127
commit eb44c0e18b
1 changed files with 2 additions and 1 deletions
--- a/gerrit-httpd/src/main/java/com/google/gerrit/httpd/auth/container/HttpAuthFilter.java
+++ b/gerrit-httpd/src/main/java/com/google/gerrit/httpd/auth/container/HttpAuthFilter.java
@ -140,7 +140,8 @@ class HttpAuthFilter implements Filter {

  String getRemoteUser(HttpServletRequest req) {
    String remoteUser = RemoteUserUtil.getRemoteUser(req, loginHeader);
-    return userNameToLowerCase ? remoteUser.toLowerCase(Locale.US) : remoteUser;
+    return (userNameToLowerCase && remoteUser != null) ?
+        remoteUser.toLowerCase(Locale.US) : remoteUser;
  }

  String getRemoteDisplayname(HttpServletRequest req) {