spring-projects / spring-security-kerberos

Spring Security Kerberos
https://spring.io/projects/spring-security-kerberos
185 stars 226 forks source link

NullPointerException while creating KerberosServiceRequestToken object from deserialized class. #223

Open chirag519086 opened 5 months ago

chirag519086 commented 5 months ago

Spring authorization server stores KerberosServiceRequestToken object in the database. While storing the object serialization takes place and serialized object gets stored in table. But "KerberosTicketValidation ticketValidation" field is marked as transient, so it is not serialized or stored.

While retrieving KerberosServiceRequestToken from database, de-serialization takes place and it goes to create KerberosServiceRequestToken object with deserialized fields by MixIn class.

However, while creating new object of KerberosServiceRequestToken requires "KerberosTicketValidation ticketValidation" field in the constructor. But as deserialized class doesn't contain transient field, constructor call gives NullPointerException because it uses ticketValidation subject and username to create JassSubjectHolder.

image