This bug is very simple. I marked as v1.1.0 because I check the trunk and the bug still there.
The authenticationFailed method from JSFAuthenticationBindings try to cast the authenticationFailedPermission to a URLPermission at line 148 and throws a ClassCastException because authenticationFailedPermission is a JSFPermission that extends javax.security.Permission.
This fail on a IF that try to check if the authenticationFailedPermission is null or empty. Instead of cast the instance as follow:
just check the name and the bug is fixed:
!authenticationFailedPermission.getName().length() == 0
I marked as priority 9 because this bug turn the JSFAuthentication bad to use.
PS.:I don't assigned to me because I am at work and can't fix now. Is a very simple bug that can be fixed quicly.
Log in to post a comment.