Search before asking
Environment
We integrate Shiro into our application login, no containers are used. Jdk 21.
Shiro version
2.2.1
What was the actual outcome?
In previous versions, passing a null subject into DefaultSecurityManager.login() would succeed. After #2704 fix (9371115) , this now fails with an NPE:
There is also no javadoc on the subject parameter, so it's not easy to tell if it was supposed to be mandatory or not. It doesn't seem like you should need a subject to login.
java.lang.NullPointerException: Cannot invoke "org.apache.shiro.subject.Subject.getSession(boolean)" because "subject" is null
at org.apache.shiro.mgt.DefaultSecurityManager.beforeSuccessfulLogin(DefaultSecurityManager.java:308)
at org.apache.shiro.mgt.DefaultSecurityManager.login(DefaultSecurityManager.java:294)
What was the expected outcome?
A new subject should be created based on the results of the login, as per previous versions.
How to reproduce
As above
Debug logs
No response
Search before asking
Environment
We integrate Shiro into our application login, no containers are used. Jdk 21.
Shiro version
2.2.1
What was the actual outcome?
In previous versions, passing a null subject into
DefaultSecurityManager.login()would succeed. After #2704 fix (9371115) , this now fails with an NPE:There is also no javadoc on the subject parameter, so it's not easy to tell if it was supposed to be mandatory or not. It doesn't seem like you should need a subject to login.
What was the expected outcome?
A new subject should be created based on the results of the login, as per previous versions.
How to reproduce
As above
Debug logs
No response