_signList is not initialized in ServerManager. LibVersion=0.9.1.36

[GoogleCodeExporter]

The problem will occurs during creation of Positive Assertion (in method 
AuthSuccess.createAuthSuccess) if developer doesn't call 
serverManager.setSignList(...) before.

I think ServerManager must initialize this field automatically if user 
doesn't set it. 
private String _signList = "return_to,response_nonce";

This is the log:
java.lang.NullPointerException
    at net.openid.message.AuthSuccess.getSignedText
(AuthSuccess.java:226)
    at net.openid.message.AuthSuccess.<init>(AuthSuccess.java:63)
    at net.openid.message.AuthSuccess.createAuthSuccess
(AuthSuccess.java:79)
    at net.openid.server.ServerManager.authResponse
(ServerManager.java:502)

Original issue reported on code.google.com by alisi...@gmail.com on 13 Dec 2006 at 9:10

[GoogleCodeExporter]

The best way is to initialize this field in ServerManager.authResponse method 
before 
call AuthSuccess.createAuthSuccess(...).
It's value depends on existent request parameters and compatibility with OpenID 
Auth. 1.1

ServerManager.authResponse(...) {
  ...
  if (authenticatedAndApproved) // positive response
  {
    ....
    if (authReq.getReturnTo() != null) {
      // ############ initialize SignList automatically ############
      if( getSignList() == null ) {
        generateSignList( requestParams, isVersion2 );
      }
      // ###########################################################
      return AuthSuccess.createAuthSuccess(
           opEndpoint, claimed, id, !authReq.isVersion2(),
           authReq.getReturnTo(), _nonceGenerator.next(),
           invalidateHandle, assoc, _signList);
    }
    else
      return null;
  }
}

Original comment by alisi...@gmail.com on 13 Dec 2006 at 9:52

[GoogleCodeExporter]

Hi,

I've fixed this in rev 79, and pushed it into AuthSuccess.setSigned().

Johnny

Original comment by Johnny.B...@gmail.com on 23 Jan 2007 at 12:28

• Changed state: Fixed