From 52c1ea19bf22efa376d51eb1bfcf90cf71957671 Mon Sep 17 00:00:00 2001 From: Michael Bischoff Date: Sun, 20 Jan 2019 13:48:10 +0100 Subject: [PATCH] Nullpointer on nonexistent session (#58) When Jenkins is restarted(or session information otherwise lost) half way through the interaction it might not have a session at this point. --- .../java/org/jenkinsci/plugins/oic/OicSecurityRealm.java | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/src/main/java/org/jenkinsci/plugins/oic/OicSecurityRealm.java b/src/main/java/org/jenkinsci/plugins/oic/OicSecurityRealm.java index e02ba171..d2cee0b8 100644 --- a/src/main/java/org/jenkinsci/plugins/oic/OicSecurityRealm.java +++ b/src/main/java/org/jenkinsci/plugins/oic/OicSecurityRealm.java @@ -619,7 +619,12 @@ private String buildOAuthRedirectUrl() throws NullPointerException { * @return an HttpResponse */ public HttpResponse doFinishLogin(StaplerRequest request) { - return OicSession.getCurrent().doFinishLogin(request); + OicSession currentSession = OicSession.getCurrent(); + if(currentSession==null) { + LOGGER.fine("No session to resume (perhaps jenkins was restarted?)"); + return HttpResponses.errorWithoutStack(401, "Unauthorized"); + } + return currentSession.doFinishLogin(request); } /**