Correct NPE when user doesn't have an initial session
authorlajoie <lajoie@ab3bd59b-922f-494d-bb5f-6f0a3c29deca>
Sat, 12 Jan 2008 08:44:29 +0000 (08:44 +0000)
committerlajoie <lajoie@ab3bd59b-922f-494d-bb5f-6f0a3c29deca>
Sat, 12 Jan 2008 08:44:29 +0000 (08:44 +0000)
git-svn-id: https://subversion.switch.ch/svn/shibboleth/java-idp/trunk@2561 ab3bd59b-922f-494d-bb5f-6f0a3c29deca

src/edu/internet2/middleware/shibboleth/idp/authn/AuthenticationEngine.java

index b7599ef..69ce02b 100644 (file)
@@ -17,6 +17,7 @@
 package edu.internet2.middleware.shibboleth.idp.authn;
 
 import java.io.IOException;
 package edu.internet2.middleware.shibboleth.idp.authn;
 
 import java.io.IOException;
+import java.util.ArrayList;
 import java.util.Collection;
 import java.util.HashMap;
 import java.util.Iterator;
 import java.util.Collection;
 import java.util.HashMap;
 import java.util.Iterator;
@@ -166,9 +167,12 @@ public class AuthenticationEngine extends HttpServlet {
         LOG.debug("Beginning user authentication process");
         try {
             Map<String, LoginHandler> possibleLoginHandlers = determinePossibleLoginHandlers(loginContext);
         LOG.debug("Beginning user authentication process");
         try {
             Map<String, LoginHandler> possibleLoginHandlers = determinePossibleLoginHandlers(loginContext);
+            ArrayList<AuthenticationMethodInformation> activeAuthnMethods = new ArrayList<AuthenticationMethodInformation>();
+
             Session userSession = (Session) httpRequest.getAttribute(Session.HTTP_SESSION_BINDING_ATTRIBUTE);
             Session userSession = (Session) httpRequest.getAttribute(Session.HTTP_SESSION_BINDING_ATTRIBUTE);
-            Collection<AuthenticationMethodInformation> activeAuthnMethods = userSession.getAuthenticationMethods()
-                    .values();
+            if (userSession != null) {
+                activeAuthnMethods.addAll(userSession.getAuthenticationMethods().values());
+            }
 
             if (loginContext.isForceAuthRequired()) {
                 LOG.debug("Forced authentication is required, filtering possible login handlers accordingly");
 
             if (loginContext.isForceAuthRequired()) {
                 LOG.debug("Forced authentication is required, filtering possible login handlers accordingly");