ログイン処理のNPE(2)

Hudson

Hudsonのサインアップについてソースをみていたのですが、HudsonPrivateSecurityRealmの86行目

        User u = createAccount(req, rsp, true, "signup.jelly");
        if(u!=null) {
            // ... and let him login
            Authentication a = u.getProperty(Details.class).createAuthentication();
            a = HudsonFilter.AUTHENTICATION_MANAGER.authenticate(a);
            SecurityContextHolder.getContext().setAuthentication(a);

            // then back to top
            req.getView(this,"success.jelly").forward(req,rsp);
        }

によると、アカウントを作成できたら、ログイン状態にして"success.jelly"を表示するのが想定する動きのようだけど、
1.258ではサインアップ成功後、ログイン画面が表示されてログには、

Caused by: org.acegisecurity.BadCredentialsException: Bad credentials
        at org.acegisecurity.providers.dao.AbstractUserDetailsAuthenticationProvider.authenticate(AbstractUserDeta
        at org.acegisecurity.providers.ProviderManager.doAuthentication(ProviderManager.java:195)
        at org.acegisecurity.AbstractAuthenticationManager.authenticate(AbstractAuthenticationManager.java:45)
        at hudson.security.AuthenticationManagerProxy.authenticate(AuthenticationManagerProxy.java:27)
        at hudson.security.HudsonPrivateSecurityRealm.doCreateAccount(HudsonPrivateSecurityRealm.java:90)
        ... 67 more

がでてる...

ソースを見ても分からないので、古いアーカイブで確かめてみると1.223で発生したようです。

What's new in 1.223

* Users should be allowed to configure himself regardless of the permission setting.
* Plugins that are already installed shouldn't show up in the "available" list. (discussion)
* Fixed NPE when trying to reset the proxy setting in the update center (discussion)
* "Hudson's own user database" can be now configured to prevent sign-up.
* Administrator can now create user accounts for others (issue 1193)
* Authentication failure now leaves the INFO log on Hudson server log.
* Maven jobs can be now executed with its own private local Maven repository for better isolation. (issue 1044, issue 1280)

うーん、どれかだとは思うけれど、清水エスパルスが負けて鬱なので寝ます。

追記: こうかもしれない

Index: HudsonPrivateSecurityRealm.java
===================================================================
--- HudsonPrivateSecurityRealm.java     (リビジョン 12909)
+++ HudsonPrivateSecurityRealm.java     (作業コピー)
@@ -280,7 +280,7 @@
         }

         /*package*/ Authentication createAuthentication() {
-            return new UsernamePasswordAuthenticationToken(null, password);
+            return new UsernamePasswordAuthenticationToken(getUsername(), getPassword());
         }
     }