Prevent NPE in AuthenticationManager.backchannelLogout (#23306)

Previously, if the user was already removed from the userSession and the log level was set to DEBUG, then an NPE was triggered by the debug log statement during backchannelLogout. Fixes #23306
2023-09-17 22:13:35 +02:00 · 2023-09-17 22:13:35 +02:00 · 04d16ed170
commit 04d16ed170
parent f684a70048
1 changed files with 2 additions and 1 deletions
--- a/services/src/main/java/org/keycloak/services/managers/AuthenticationManager.java
+++ b/services/src/main/java/org/keycloak/services/managers/AuthenticationManager.java
@ -288,7 +288,8 @@ public class AuthenticationManager {

        if (logger.isDebugEnabled()) {
            UserModel user = userSession.getUser();
-            logger.debugv("Logging out: {0} ({1}) offline: {2}", user.getUsername(), userSession.getId(),
+            String username = user == null ? null : user.getUsername();
+            logger.debugv("Logging out: {0} ({1}) offline: {2}", username, userSession.getId(),
                    userSession.isOffline());
        }