FindBugs Results

The following document contains the results of FindBugs.

Summary

FilesErrors
110220

Files

FilesViolations
org.acegisecurity.ConfigAttributeDefinition 1
org.acegisecurity.acl.AclProviderManager 5
org.acegisecurity.adapters.AbstractAdapterAuthenticationToken 2
org.acegisecurity.adapters.PrincipalAcegiUserToken 2
org.acegisecurity.afterinvocation.AfterInvocationProviderManager 3
org.acegisecurity.afterinvocation.BasicAclEntryAfterInvocationCollectionFilteringProvider 3
org.acegisecurity.afterinvocation.BasicAclEntryAfterInvocationProvider 3
org.acegisecurity.captcha.CaptchaEntryPoint 2
org.acegisecurity.captcha.CaptchaValidationProcessingFilter 2
org.acegisecurity.concurrent.ConcurrentSessionFilter 2
org.acegisecurity.concurrent.SessionInformation 2
org.acegisecurity.concurrent.SessionRegistryImpl 2
org.acegisecurity.context.HttpSessionContextIntegrationFilter 2
org.acegisecurity.providers.AbstractAuthenticationToken 1
org.acegisecurity.providers.ProviderManager 5
org.acegisecurity.providers.TestingAuthenticationToken 3
org.acegisecurity.providers.UsernamePasswordAuthenticationToken 3
org.acegisecurity.runas.RunAsImplAuthenticationProvider 2
org.acegisecurity.runas.RunAsUserToken 3
org.acegisecurity.securechannel.ChannelDecisionManagerImpl 3
org.acegisecurity.securechannel.RetryWithHttpEntryPoint 1
org.acegisecurity.securechannel.RetryWithHttpsEntryPoint 1
org.acegisecurity.ui.AbstractProcessingFilter 1
org.acegisecurity.userdetails.User 2
org.acegisecurity.util.FilterToBeanProxy 4
org.acegisecurity.util.MethodInvocationUtils 2
org.acegisecurity.util.PortResolverImpl 1
org.acegisecurity.util.SimpleMethodInvocation 2
org.acegisecurity.util.StringSplitUtils 1
org.acegisecurity.vote.AbstractAccessDecisionManager 3
org.acegisecurity.vote.BasicAclEntryVoter 4
org.acegisecurity.wrapper.SecurityContextHolderAwareRequestFilter 1
org.acegisecurity.acl.basic.BasicAclProvider 7
org.acegisecurity.acl.basic.GrantedAuthorityEffectiveAclsResolver 4
org.acegisecurity.acl.basic.SimpleAclEntry 2
org.acegisecurity.context.rmi.ContextPropagatingRemoteInvocation 1
org.acegisecurity.intercept.method.MethodDefinitionAttributes 3
org.acegisecurity.intercept.method.MethodDefinitionMap 2
org.acegisecurity.intercept.method.MethodInvocationPrivilegeEvaluator 2
org.acegisecurity.intercept.web.PathBasedFilterInvocationDefinitionMap 1
org.acegisecurity.intercept.web.RegExpBasedFilterInvocationDefinitionMap 2
org.acegisecurity.intercept.web.SecurityEnforcementFilter 3
org.acegisecurity.providers.anonymous.AnonymousAuthenticationProvider 2
org.acegisecurity.providers.anonymous.AnonymousAuthenticationToken 4
org.acegisecurity.providers.cas.CasAuthenticationToken 4
org.acegisecurity.providers.dao.AbstractUserDetailsAuthenticationProvider 4
org.acegisecurity.providers.encoding.Md5PasswordEncoder 1
org.acegisecurity.providers.encoding.ShaPasswordEncoder 1
org.acegisecurity.providers.jaas.JaasAuthenticationProvider 5
org.acegisecurity.providers.jaas.JaasAuthenticationToken 1
org.acegisecurity.providers.jaas.JaasNameCallbackHandler 1
org.acegisecurity.providers.rememberme.RememberMeAuthenticationProvider 2
org.acegisecurity.providers.rememberme.RememberMeAuthenticationToken 4
org.acegisecurity.providers.x509.X509AuthenticationToken 3
org.acegisecurity.taglibs.authz.AclTag 2
org.acegisecurity.taglibs.authz.AuthenticationTag 1
org.acegisecurity.taglibs.velocity.AuthzImpl 2
org.acegisecurity.ui.digestauth.DigestProcessingFilter 4
org.acegisecurity.ui.digestauth.DigestProcessingFilterEntryPoint 1
org.acegisecurity.ui.rememberme.TokenBasedRememberMeServices 2
org.acegisecurity.ui.switchuser.SwitchUserProcessingFilter 2
org.acegisecurity.ui.webapp.AuthenticationProcessingFilterEntryPoint 2
org.acegisecurity.ui.webapp.SiteminderAuthenticationProcessingFilter 1
org.acegisecurity.userdetails.memory.UserAttributeEditor 1
org.acegisecurity.userdetails.memory.UserMap 2
org.acegisecurity.acl.basic.cache.BasicAclEntryHolder 2
org.acegisecurity.acl.basic.cache.EhCacheBasedAclEntryCache 3
org.acegisecurity.acl.basic.cache.NullAclEntryCache 1
org.acegisecurity.acl.basic.jdbc.JdbcDaoImpl 4
org.acegisecurity.intercept.method.aopalliance.MethodSecurityInterceptor 2
org.acegisecurity.intercept.method.aspectj.AspectJSecurityInterceptor 2
javax.servlet.http.HttpServletRequestWrapper 1
org.acegisecurity.acl.basic.jdbc.JdbcExtendedDaoImpl 6
org.acegisecurity.adapters.AuthByAdapterProvider 1
org.acegisecurity.afterinvocation.CollectionFilterer 1
org.acegisecurity.intercept.AbstractSecurityInterceptor 3
org.acegisecurity.providers.anonymous.AnonymousProcessingFilter 1
org.acegisecurity.providers.cas.CasAuthenticationProvider 5
org.acegisecurity.providers.cas.cache.EhCacheBasedTicketCache 1
org.acegisecurity.providers.cas.populator.DaoCasAuthoritiesPopulator 1
org.acegisecurity.providers.cas.proxy.NamedCasProxyDecider 1
org.acegisecurity.providers.dao.DaoAuthenticationProvider 1
org.acegisecurity.providers.dao.cache.EhCacheBasedUserCache 1
org.acegisecurity.providers.jaas.SecurityContextLoginModule 1
org.acegisecurity.providers.rcp.RemoteAuthenticationManagerImpl 1
org.acegisecurity.providers.rcp.RemoteAuthenticationProvider 1
org.acegisecurity.providers.x509.X509AuthenticationProvider 1
org.acegisecurity.providers.x509.cache.EhCacheBasedX509UserCache 1
org.acegisecurity.providers.x509.populator.DaoX509AuthoritiesPopulator 1
org.acegisecurity.securechannel.ChannelProcessingFilter 2
org.acegisecurity.ui.basicauth.BasicProcessingFilter 2
org.acegisecurity.ui.cas.CasProcessingFilterEntryPoint 1
org.acegisecurity.ui.x509.X509ProcessingFilter 1
org.acegisecurity.userdetails.memory.InMemoryDaoImpl 1
org.acegisecurity.util.FilterChainProxy 2
org.acegisecurity.vote.AbstractAclVoter 1
org.acegisecurity.acl.basic.jdbc.JdbcDaoImpl$AclDetailsHolder 1
org.acegisecurity.acl.basic.jdbc.JdbcExtendedDaoImpl$AclObjectIdentityDelete 1
org.acegisecurity.acl.basic.jdbc.JdbcExtendedDaoImpl$AclObjectIdentityInsert 1
org.acegisecurity.acl.basic.jdbc.JdbcExtendedDaoImpl$AclPermissionDelete 1
org.acegisecurity.acl.basic.jdbc.JdbcExtendedDaoImpl$AclPermissionInsert 1
org.acegisecurity.acl.basic.jdbc.JdbcExtendedDaoImpl$AclPermissionUpdate 1
org.acegisecurity.acl.basic.jdbc.JdbcExtendedDaoImpl$LookupPermissionIdMapping 1
org.acegisecurity.intercept.method.aopalliance.MethodDefinitionSourceAdvisor$InternalMethodInvocation 1
org.acegisecurity.intercept.web.PathBasedFilterInvocationDefinitionMap$EntryHolder 1
org.acegisecurity.intercept.web.RegExpBasedFilterInvocationDefinitionMap$EntryHolder 1
org.acegisecurity.taglibs.velocity.AuthzImpl$MyAclTag 1
org.acegisecurity.taglibs.velocity.AuthzImpl$MyAuthenticationTag 1
org.acegisecurity.userdetails.jdbc.JdbcDaoImpl$UsersByUsernameMapping 1
org.acegisecurity.util.FilterChainProxy$VirtualFilterChain 1

org.acegisecurity.ConfigAttributeDefinition

ViolationLine
HE: org.acegisecurity.ConfigAttributeDefinition defines equals and uses Object.hashCode() 0

org.acegisecurity.acl.AclProviderManager

ViolationLine
PZLA: Should org.acegisecurity.acl.AclProviderManager.getAcls(Object) return a zero length array rather than null? 76
PZLA: Should org.acegisecurity.acl.AclProviderManager.getAcls(Object,org.acegisecurity.Authentication) return a zero length array rather than null? 109
NP: Possible null pointer dereference in org.acegisecurity.acl.AclProviderManager.setProviders(java.util.List) on exception path 133
DLS: Dead store to local variable in method org.acegisecurity.acl.AclProviderManager.setProviders(java.util.List) 131
UwF: Field not initialized in constructor: org.acegisecurity.acl.AclProviderManager.providers 0

org.acegisecurity.adapters.AbstractAdapterAuthenticationToken

ViolationLine
HE: org.acegisecurity.adapters.AbstractAdapterAuthenticationToken defines equals and uses Object.hashCode() 0
EI: org.acegisecurity.adapters.AbstractAdapterAuthenticationToken.getAuthorities() may expose internal representation by returning org.acegisecurity.adapters.AbstractAdapterAuthenticationToken.authorities 77

org.acegisecurity.adapters.PrincipalAcegiUserToken

ViolationLine
HE: org.acegisecurity.adapters.PrincipalAcegiUserToken inherits equals and uses Object.hashCode() 0
RI: Class org.acegisecurity.adapters.PrincipalAcegiUserToken implements same interface as superclass. 0

org.acegisecurity.afterinvocation.AfterInvocationProviderManager

ViolationLine
NP: Possible null pointer dereference in org.acegisecurity.afterinvocation.AfterInvocationProviderManager.setProviders(java.util.List) on exception path 80
DLS: Dead store to local variable in method org.acegisecurity.afterinvocation.AfterInvocationProviderManager.setProviders(java.util.List) 78
UwF: Field not initialized in constructor: org.acegisecurity.afterinvocation.AfterInvocationProviderManager.providers 0

org.acegisecurity.afterinvocation.BasicAclEntryAfterInvocationCollectionFilteringProvider

ViolationLine
EI2: org.acegisecurity.afterinvocation.BasicAclEntryAfterInvocationCollectionFilteringProvider.setRequirePermission(int[]) may expose internal representation by storing an externally mutable object into org.acegisecurity.afterinvocation.BasicAclEntryAfterInvocationCollectionFilteringProvider.requirePermission 136
EI: org.acegisecurity.afterinvocation.BasicAclEntryAfterInvocationCollectionFilteringProvider.getRequirePermission() may expose internal representation by returning org.acegisecurity.afterinvocation.BasicAclEntryAfterInvocationCollectionFilteringProvider.requirePermission 140
UwF: Field not initialized in constructor: org.acegisecurity.afterinvocation.BasicAclEntryAfterInvocationCollectionFilteringProvider.aclManager 0

org.acegisecurity.afterinvocation.BasicAclEntryAfterInvocationProvider

ViolationLine
EI: org.acegisecurity.afterinvocation.BasicAclEntryAfterInvocationProvider.getRequirePermission() may expose internal representation by returning org.acegisecurity.afterinvocation.BasicAclEntryAfterInvocationProvider.requirePermission 189
EI2: org.acegisecurity.afterinvocation.BasicAclEntryAfterInvocationProvider.setRequirePermission(int[]) may expose internal representation by storing an externally mutable object into org.acegisecurity.afterinvocation.BasicAclEntryAfterInvocationProvider.requirePermission 205
UwF: Field not initialized in constructor: org.acegisecurity.afterinvocation.BasicAclEntryAfterInvocationProvider.aclManager 0

org.acegisecurity.captcha.CaptchaEntryPoint

ViolationLine
Dm: Method org.acegisecurity.captcha.CaptchaEntryPoint.buildInternalRedirect(StringBuffer,javax.servlet.http.HttpServletRequest) invokes dubious String.toUpperCase() or String.toLowerCase; use the Locale parameterized version instead 327
BC: Unchecked/unconfirmed cast from javax.servlet.ServletRequest to class javax.servlet.http.HttpServletRequest in org.acegisecurity.captcha.CaptchaEntryPoint.commence(javax.servlet.ServletRequest,javax.servlet.ServletResponse) 296

org.acegisecurity.captcha.CaptchaValidationProcessingFilter

ViolationLine
RCN: Nullcheck of value previously dereferenced org.acegisecurity.captcha.CaptchaValidationProcessingFilter.doFilter(javax.servlet.ServletRequest,javax.servlet.ServletResponse,javax.servlet.FilterChain) 104
UwF: Field not initialized in constructor: org.acegisecurity.captcha.CaptchaValidationProcessingFilter.captchaService 0

org.acegisecurity.concurrent.ConcurrentSessionFilter

ViolationLine
BC: Unchecked/unconfirmed cast from javax.servlet.ServletRequest to class javax.servlet.http.HttpServletRequest in org.acegisecurity.concurrent.ConcurrentSessionFilter.doFilter(javax.servlet.ServletRequest,javax.servlet.ServletResponse,javax.servlet.FilterChain) 90
UwF: Field not initialized in constructor: org.acegisecurity.concurrent.ConcurrentSessionFilter.sessionRegistry 0

org.acegisecurity.concurrent.SessionInformation

ViolationLine
EI2: org.acegisecurity.concurrent.SessionInformation.<init>(Object,String,java.util.Date) may expose internal representation by storing an externally mutable object into org.acegisecurity.concurrent.SessionInformation.lastRequest 61
EI: org.acegisecurity.concurrent.SessionInformation.getLastRequest() may expose internal representation by returning org.acegisecurity.concurrent.SessionInformation.lastRequest 73

org.acegisecurity.concurrent.SessionRegistryImpl

ViolationLine
PZLA: Should org.acegisecurity.concurrent.SessionRegistryImpl.getAllSessions(Object) return a zero length array rather than null? 66
ITA: Method org.acegisecurity.concurrent.SessionRegistryImpl.getAllSessions(Object) uses Collection.toArray() with zero-length array argument 76

org.acegisecurity.context.HttpSessionContextIntegrationFilter

ViolationLine
BC: Unchecked/unconfirmed cast from javax.servlet.ServletRequest to class javax.servlet.http.HttpServletRequest in org.acegisecurity.context.HttpSessionContextIntegrationFilter.doFilter(javax.servlet.ServletRequest,javax.servlet.ServletResponse,javax.servlet.FilterChain) 166
UwF: Field not initialized in constructor: org.acegisecurity.context.HttpSessionContextIntegrationFilter.contextObject 0

org.acegisecurity.providers.AbstractAuthenticationToken

ViolationLine
HE: org.acegisecurity.providers.AbstractAuthenticationToken defines equals and uses Object.hashCode() 0

org.acegisecurity.providers.ProviderManager

ViolationLine
NP: Possible null pointer dereference in org.acegisecurity.providers.ProviderManager.setProviders(java.util.List) on exception path 310
DLS: Dead store to local variable in method org.acegisecurity.providers.ProviderManager.setProviders(java.util.List) 308
UwF: Field not initialized in constructor: org.acegisecurity.providers.ProviderManager.applicationEventPublisher 0
UwF: Field not initialized in constructor: org.acegisecurity.providers.ProviderManager.exceptionMappings 0
UwF: Field not initialized in constructor: org.acegisecurity.providers.ProviderManager.providers 0

org.acegisecurity.providers.TestingAuthenticationToken

ViolationLine
HE: org.acegisecurity.providers.TestingAuthenticationToken inherits equals and uses Object.hashCode() 0
EI2: org.acegisecurity.providers.TestingAuthenticationToken.<init>(Object,Object,org.acegisecurity.GrantedAuthority[]) may expose internal representation by storing an externally mutable object into org.acegisecurity.providers.TestingAuthenticationToken.authorities 47
EI: org.acegisecurity.providers.TestingAuthenticationToken.getAuthorities() may expose internal representation by returning org.acegisecurity.providers.TestingAuthenticationToken.authorities 65

org.acegisecurity.providers.UsernamePasswordAuthenticationToken

ViolationLine
HE: org.acegisecurity.providers.UsernamePasswordAuthenticationToken inherits equals and uses Object.hashCode() 0
EI2: org.acegisecurity.providers.UsernamePasswordAuthenticationToken.<init>(Object,Object,org.acegisecurity.GrantedAuthority[]) may expose internal representation by storing an externally mutable object into org.acegisecurity.providers.UsernamePasswordAuthenticationToken.authorities 77
EI: org.acegisecurity.providers.UsernamePasswordAuthenticationToken.getAuthorities() may expose internal representation by returning org.acegisecurity.providers.UsernamePasswordAuthenticationToken.authorities 102

org.acegisecurity.runas.RunAsImplAuthenticationProvider

ViolationLine
BC: Unchecked/unconfirmed cast from org.acegisecurity.Authentication to class org.acegisecurity.runas.RunAsUserToken in org.acegisecurity.runas.RunAsImplAuthenticationProvider.authenticate(org.acegisecurity.Authentication) 61
UwF: Field not initialized in constructor: org.acegisecurity.runas.RunAsImplAuthenticationProvider.key 0

org.acegisecurity.runas.RunAsUserToken

ViolationLine
HE: org.acegisecurity.runas.RunAsUserToken inherits equals and uses Object.hashCode() 0
EI2: org.acegisecurity.runas.RunAsUserToken.<init>(String,Object,Object,org.acegisecurity.GrantedAuthority[],Class) may expose internal representation by storing an externally mutable object into org.acegisecurity.runas.RunAsUserToken.authorities 45
EI: org.acegisecurity.runas.RunAsUserToken.getAuthorities() may expose internal representation by returning org.acegisecurity.runas.RunAsUserToken.authorities 67

org.acegisecurity.securechannel.ChannelDecisionManagerImpl

ViolationLine
NP: Possible null pointer dereference in org.acegisecurity.securechannel.ChannelDecisionManagerImpl.setChannelProcessors(java.util.List) on exception path 72
DLS: Dead store to local variable in method org.acegisecurity.securechannel.ChannelDecisionManagerImpl.setChannelProcessors(java.util.List) 70
UwF: Field not initialized in constructor: org.acegisecurity.securechannel.ChannelDecisionManagerImpl.channelProcessors 0

org.acegisecurity.securechannel.RetryWithHttpEntryPoint

ViolationLine
BC: Unchecked/unconfirmed cast from javax.servlet.ServletRequest to class javax.servlet.http.HttpServletRequest in org.acegisecurity.securechannel.RetryWithHttpEntryPoint.commence(javax.servlet.ServletRequest,javax.servlet.ServletResponse) 86

org.acegisecurity.securechannel.RetryWithHttpsEntryPoint

ViolationLine
BC: Unchecked/unconfirmed cast from javax.servlet.ServletRequest to class javax.servlet.http.HttpServletRequest in org.acegisecurity.securechannel.RetryWithHttpsEntryPoint.commence(javax.servlet.ServletRequest,javax.servlet.ServletResponse) 86

org.acegisecurity.ui.AbstractProcessingFilter

ViolationLine
DE: org.acegisecurity.ui.AbstractProcessingFilter.unsuccessfulAuthentication(javax.servlet.http.HttpServletRequest,javax.servlet.http.HttpServletResponse,org.acegisecurity.AuthenticationException) might ignore java.lang.Exception 455

org.acegisecurity.userdetails.User

ViolationLine
HE: org.acegisecurity.userdetails.User defines equals and uses Object.hashCode() 0
EI: org.acegisecurity.userdetails.User.getAuthorities() may expose internal representation by returning org.acegisecurity.userdetails.User.authorities 201

org.acegisecurity.util.FilterToBeanProxy

ViolationLine
Dm: Method org.acegisecurity.util.FilterToBeanProxy.init(javax.servlet.FilterConfig) invokes dubious String.toUpperCase() or String.toLowerCase; use the Locale parameterized version instead 128
UwF: Field not initialized in constructor: org.acegisecurity.util.FilterToBeanProxy.filterConfig 0
IS2: Inconsistent synchronization of org.acegisecurity.util.FilterToBeanProxy.initialized; locked 66% of time 116
IS2: Inconsistent synchronization of org.acegisecurity.util.FilterToBeanProxy.servletContainerManaged; locked 66% of time 109

org.acegisecurity.util.MethodInvocationUtils

ViolationLine
IL: There is an apparent infinite recursive loop in org.acegisecurity.util.MethodInvocationUtils.createFromClass(Class,String). 103
REC: Method org.acegisecurity.util.MethodInvocationUtils.createFromClass(Class,String,Class[]) catches Exception, but Exception is not thrown in the try block and RuntimeException is not explicitly caught 128

org.acegisecurity.util.PortResolverImpl

ViolationLine
Dm: Method org.acegisecurity.util.PortResolverImpl.getServerPort(javax.servlet.ServletRequest) invokes dubious String.toUpperCase() or String.toLowerCase; use the Locale parameterized version instead 60

org.acegisecurity.util.SimpleMethodInvocation

ViolationLine
EI2: org.acegisecurity.util.SimpleMethodInvocation.<init>(java.lang.reflect.Method,Object[]) may expose internal representation by storing an externally mutable object into org.acegisecurity.util.SimpleMethodInvocation.arguments 40
EI: org.acegisecurity.util.SimpleMethodInvocation.getArguments() may expose internal representation by returning org.acegisecurity.util.SimpleMethodInvocation.arguments 48

org.acegisecurity.util.StringSplitUtils

ViolationLine
PZLA: Should org.acegisecurity.util.StringSplitUtils.split(String,String) return a zero length array rather than null? 63

org.acegisecurity.vote.AbstractAccessDecisionManager

ViolationLine
NP: Possible null pointer dereference in org.acegisecurity.vote.AbstractAccessDecisionManager.setDecisionVoters(java.util.List) on exception path 88
DLS: Dead store to local variable in method org.acegisecurity.vote.AbstractAccessDecisionManager.setDecisionVoters(java.util.List) 86
UwF: Field not initialized in constructor: org.acegisecurity.vote.AbstractAccessDecisionManager.decisionVoters 0

org.acegisecurity.vote.BasicAclEntryVoter

ViolationLine
EI2: org.acegisecurity.vote.BasicAclEntryVoter.setRequirePermission(int[]) may expose internal representation by storing an externally mutable object into org.acegisecurity.vote.BasicAclEntryVoter.requirePermission 180
EI: org.acegisecurity.vote.BasicAclEntryVoter.getRequirePermission() may expose internal representation by returning org.acegisecurity.vote.BasicAclEntryVoter.requirePermission 184
UwF: Field not initialized in constructor: org.acegisecurity.vote.BasicAclEntryVoter.aclManager 0
UwF: Field not initialized in constructor: org.acegisecurity.vote.BasicAclEntryVoter.requirePermission 0

org.acegisecurity.wrapper.SecurityContextHolderAwareRequestFilter

ViolationLine
BC: Unchecked/unconfirmed cast from javax.servlet.ServletRequest to class javax.servlet.http.HttpServletRequest in org.acegisecurity.wrapper.SecurityContextHolderAwareRequestFilter.doFilter(javax.servlet.ServletRequest,javax.servlet.ServletResponse,javax.servlet.FilterChain) 44

org.acegisecurity.acl.basic.BasicAclProvider

ViolationLine
PZLA: Should org.acegisecurity.acl.basic.BasicAclProvider.getAcls(Object) return a zero length array rather than null? 117
PZLA: Should org.acegisecurity.acl.basic.BasicAclProvider.lookup(AclObjectIdentity) return a zero length array rather than null? 383
PZLA: Should org.acegisecurity.acl.basic.BasicAclProvider.lookup(AclObjectIdentity) return a zero length array rather than null? 396
ITA: Method org.acegisecurity.acl.basic.BasicAclProvider.getAcls(Object) uses Collection.toArray() with zero-length array argument 173
DLS: Dead store to local variable in method org.acegisecurity.acl.basic.BasicAclProvider.afterPropertiesSet() 264
REC: Method org.acegisecurity.acl.basic.BasicAclProvider.obtainIdentity(Object) catches Exception, but Exception is not thrown in the try block and RuntimeException is not explicitly caught 363
UwF: Field not initialized in constructor: org.acegisecurity.acl.basic.BasicAclProvider.basicAclDao 0

org.acegisecurity.acl.basic.GrantedAuthorityEffectiveAclsResolver

ViolationLine
PZLA: Should org.acegisecurity.acl.basic.GrantedAuthorityEffectiveAclsResolver.resolveEffectiveAcls(org.acegisecurity.acl.AclEntry[],org.acegisecurity.Authentication) return a zero length array rather than null? 71
PZLA: Should org.acegisecurity.acl.basic.GrantedAuthorityEffectiveAclsResolver.resolveEffectiveAcls(org.acegisecurity.acl.AclEntry[],org.acegisecurity.Authentication) return a zero length array rather than null? 154
RCN: Redundant nullcheck of value known to be non-null org.acegisecurity.acl.basic.GrantedAuthorityEffectiveAclsResolver.resolveEffectiveAcls(org.acegisecurity.acl.AclEntry[],org.acegisecurity.Authentication) 77
ITA: Method org.acegisecurity.acl.basic.GrantedAuthorityEffectiveAclsResolver.resolveEffectiveAcls(org.acegisecurity.acl.AclEntry[],org.acegisecurity.Authentication) uses Collection.toArray() with zero-length array argument 147

org.acegisecurity.acl.basic.SimpleAclEntry

ViolationLine
EI: org.acegisecurity.acl.basic.SimpleAclEntry.getValidPermissions() may expose internal representation by returning org.acegisecurity.acl.basic.SimpleAclEntry.validPermissions 74
SnVI: org.acegisecurity.acl.basic.SimpleAclEntry is Serializable; consider declaring a serialVersionUID 0

org.acegisecurity.context.rmi.ContextPropagatingRemoteInvocation

ViolationLine
SnVI: org.acegisecurity.context.rmi.ContextPropagatingRemoteInvocation is Serializable; consider declaring a serialVersionUID 0

org.acegisecurity.intercept.method.MethodDefinitionAttributes

ViolationLine
DE: org.acegisecurity.intercept.method.MethodDefinitionAttributes.addInterfaceMethodAttributes(org.acegisecurity.ConfigAttributeDefinition,java.lang.reflect.Method) might ignore java.lang.Exception 147
REC: Method org.acegisecurity.intercept.method.MethodDefinitionAttributes.addInterfaceMethodAttributes(org.acegisecurity.ConfigAttributeDefinition,java.lang.reflect.Method) catches Exception, but Exception is not thrown in the try block and RuntimeException is not explicitly caught 147
UwF: Field not initialized in constructor: org.acegisecurity.intercept.method.MethodDefinitionAttributes.attributes 0

org.acegisecurity.intercept.method.MethodDefinitionMap

ViolationLine
DE: org.acegisecurity.intercept.method.MethodDefinitionMap.lookupAttributes(java.lang.reflect.Method) might ignore java.lang.Exception 230
REC: Method org.acegisecurity.intercept.method.MethodDefinitionMap.lookupAttributes(java.lang.reflect.Method) catches Exception, but Exception is not thrown in the try block and RuntimeException is not explicitly caught 230

org.acegisecurity.intercept.method.MethodInvocationPrivilegeEvaluator

ViolationLine
RCN: Nullcheck of value previously dereferenced org.acegisecurity.intercept.method.MethodInvocationPrivilegeEvaluator.isAllowed(org.aopalliance.intercept.MethodInvocation,org.acegisecurity.Authentication) 74
UwF: Field not initialized in constructor: org.acegisecurity.intercept.method.MethodInvocationPrivilegeEvaluator.securityInterceptor 0

org.acegisecurity.intercept.web.PathBasedFilterInvocationDefinitionMap

ViolationLine
Dm: Method org.acegisecurity.intercept.web.PathBasedFilterInvocationDefinitionMap.lookupAttributes(String) invokes dubious String.toUpperCase() or String.toLowerCase; use the Locale parameterized version instead 107

org.acegisecurity.intercept.web.RegExpBasedFilterInvocationDefinitionMap

ViolationLine
Dm: Method org.acegisecurity.intercept.web.RegExpBasedFilterInvocationDefinitionMap.addSecureUrl(String,org.acegisecurity.ConfigAttributeDefinition) invokes toString() method on a String; just use the String 114
Dm: Method org.acegisecurity.intercept.web.RegExpBasedFilterInvocationDefinitionMap.lookupAttributes(String) invokes dubious String.toUpperCase() or String.toLowerCase; use the Locale parameterized version instead 126

org.acegisecurity.intercept.web.SecurityEnforcementFilter

ViolationLine
Dm: Method org.acegisecurity.intercept.web.SecurityEnforcementFilter.sendStartAuthentication(FilterInvocation,org.acegisecurity.AuthenticationException) invokes dubious String.toUpperCase() or String.toLowerCase; use the Locale parameterized version instead 259
UwF: Field not initialized in constructor: org.acegisecurity.intercept.web.SecurityEnforcementFilter.authenticationEntryPoint 0
UwF: Field not initialized in constructor: org.acegisecurity.intercept.web.SecurityEnforcementFilter.filterSecurityInterceptor 0

org.acegisecurity.providers.anonymous.AnonymousAuthenticationProvider

ViolationLine
BC: Unchecked/unconfirmed cast from org.acegisecurity.Authentication to class org.acegisecurity.providers.anonymous.AnonymousAuthenticationToken in org.acegisecurity.providers.anonymous.AnonymousAuthenticationProvider.authenticate(org.acegisecurity.Authentication) 66
UwF: Field not initialized in constructor: org.acegisecurity.providers.anonymous.AnonymousAuthenticationProvider.key 0

org.acegisecurity.providers.anonymous.AnonymousAuthenticationToken

ViolationLine
HE: org.acegisecurity.providers.anonymous.AnonymousAuthenticationToken defines equals and uses Object.hashCode() 0
EI2: org.acegisecurity.providers.anonymous.AnonymousAuthenticationToken.<init>(String,Object,org.acegisecurity.GrantedAuthority[]) may expose internal representation by storing an externally mutable object into org.acegisecurity.providers.anonymous.AnonymousAuthenticationToken.authorities 69
EI: org.acegisecurity.providers.anonymous.AnonymousAuthenticationToken.getAuthorities() may expose internal representation by returning org.acegisecurity.providers.anonymous.AnonymousAuthenticationToken.authorities 88
RI: Class org.acegisecurity.providers.anonymous.AnonymousAuthenticationToken implements same interface as superclass. 0

org.acegisecurity.providers.cas.CasAuthenticationToken

ViolationLine
HE: org.acegisecurity.providers.cas.CasAuthenticationToken defines equals and uses Object.hashCode() 0
EI2: org.acegisecurity.providers.cas.CasAuthenticationToken.<init>(String,Object,Object,org.acegisecurity.GrantedAuthority[],org.acegisecurity.userdetails.UserDetails,java.util.List,String) may expose internal representation by storing an externally mutable object into org.acegisecurity.providers.cas.CasAuthenticationToken.authorities 91
EI: org.acegisecurity.providers.cas.CasAuthenticationToken.getAuthorities() may expose internal representation by returning org.acegisecurity.providers.cas.CasAuthenticationToken.authorities 113
RI: Class org.acegisecurity.providers.cas.CasAuthenticationToken implements same interface as superclass. 0

org.acegisecurity.providers.dao.AbstractUserDetailsAuthenticationProvider

ViolationLine
BC: Unchecked/unconfirmed cast from org.acegisecurity.Authentication to class org.acegisecurity.providers.UsernamePasswordAuthenticationToken in org.acegisecurity.providers.dao.AbstractUserDetailsAuthenticationProvider.authenticate(org.acegisecurity.Authentication) 126
BC: Unchecked/unconfirmed cast from org.acegisecurity.Authentication to class org.acegisecurity.providers.UsernamePasswordAuthenticationToken in org.acegisecurity.providers.dao.AbstractUserDetailsAuthenticationProvider.authenticate(org.acegisecurity.Authentication) 153
BC: Unchecked/unconfirmed cast from org.acegisecurity.Authentication to class org.acegisecurity.providers.UsernamePasswordAuthenticationToken in org.acegisecurity.providers.dao.AbstractUserDetailsAuthenticationProvider.authenticate(org.acegisecurity.Authentication) 158
BC: Unchecked/unconfirmed cast from org.acegisecurity.Authentication to class org.acegisecurity.providers.UsernamePasswordAuthenticationToken in org.acegisecurity.providers.dao.AbstractUserDetailsAuthenticationProvider.authenticate(org.acegisecurity.Authentication) 160

org.acegisecurity.providers.encoding.Md5PasswordEncoder

ViolationLine
RI: Class org.acegisecurity.providers.encoding.Md5PasswordEncoder implements same interface as superclass. 0

org.acegisecurity.providers.encoding.ShaPasswordEncoder

ViolationLine
RI: Class org.acegisecurity.providers.encoding.ShaPasswordEncoder implements same interface as superclass. 0

org.acegisecurity.providers.jaas.JaasAuthenticationProvider

ViolationLine
EI2: org.acegisecurity.providers.jaas.JaasAuthenticationProvider.setAuthorityGranters(AuthorityGranter[]) may expose internal representation by storing an externally mutable object into org.acegisecurity.providers.jaas.JaasAuthenticationProvider.authorityGranters 198
EI: org.acegisecurity.providers.jaas.JaasAuthenticationProvider.getAuthorityGranters() may expose internal representation by returning org.acegisecurity.providers.jaas.JaasAuthenticationProvider.authorityGranters 210
EI2: org.acegisecurity.providers.jaas.JaasAuthenticationProvider.setCallbackHandlers(JaasAuthenticationCallbackHandler[]) may expose internal representation by storing an externally mutable object into org.acegisecurity.providers.jaas.JaasAuthenticationProvider.callbackHandlers 221
EI: org.acegisecurity.providers.jaas.JaasAuthenticationProvider.getCallbackHandlers() may expose internal representation by returning org.acegisecurity.providers.jaas.JaasAuthenticationProvider.callbackHandlers 232
UwF: Field not initialized in constructor: org.acegisecurity.providers.jaas.JaasAuthenticationProvider.loginConfig 0

org.acegisecurity.providers.jaas.JaasAuthenticationToken

ViolationLine
HE: org.acegisecurity.providers.jaas.JaasAuthenticationToken inherits equals and uses Object.hashCode() 0

org.acegisecurity.providers.jaas.JaasNameCallbackHandler

ViolationLine
DLS: Dead store to local variable in method org.acegisecurity.providers.jaas.JaasNameCallbackHandler.handle(javax.security.auth.callback.Callback,org.acegisecurity.Authentication) 63

org.acegisecurity.providers.rememberme.RememberMeAuthenticationProvider

ViolationLine
BC: Unchecked/unconfirmed cast from org.acegisecurity.Authentication to class org.acegisecurity.providers.rememberme.RememberMeAuthenticationToken in org.acegisecurity.providers.rememberme.RememberMeAuthenticationProvider.authenticate(org.acegisecurity.Authentication) 66
UwF: Field not initialized in constructor: org.acegisecurity.providers.rememberme.RememberMeAuthenticationProvider.key 0

org.acegisecurity.providers.rememberme.RememberMeAuthenticationToken

ViolationLine
HE: org.acegisecurity.providers.rememberme.RememberMeAuthenticationToken defines equals and uses Object.hashCode() 0
EI2: org.acegisecurity.providers.rememberme.RememberMeAuthenticationToken.<init>(String,Object,org.acegisecurity.GrantedAuthority[]) may expose internal representation by storing an externally mutable object into org.acegisecurity.providers.rememberme.RememberMeAuthenticationToken.authorities 75
EI: org.acegisecurity.providers.rememberme.RememberMeAuthenticationToken.getAuthorities() may expose internal representation by returning org.acegisecurity.providers.rememberme.RememberMeAuthenticationToken.authorities 94
RI: Class org.acegisecurity.providers.rememberme.RememberMeAuthenticationToken implements same interface as superclass. 0

org.acegisecurity.providers.x509.X509AuthenticationToken

ViolationLine
HE: org.acegisecurity.providers.x509.X509AuthenticationToken inherits equals and uses Object.hashCode() 0
EI2: org.acegisecurity.providers.x509.X509AuthenticationToken.<init>(Object,java.security.cert.X509Certificate,org.acegisecurity.GrantedAuthority[]) may expose internal representation by storing an externally mutable object into org.acegisecurity.providers.x509.X509AuthenticationToken.authorities 48
EI: org.acegisecurity.providers.x509.X509AuthenticationToken.getAuthorities() may expose internal representation by returning org.acegisecurity.providers.x509.X509AuthenticationToken.authorities 71

org.acegisecurity.taglibs.authz.AclTag

ViolationLine
SnVI: org.acegisecurity.taglibs.authz.AclTag is Serializable; consider declaring a serialVersionUID 0
ITA: Method org.acegisecurity.taglibs.authz.AclTag.parseIntegersString(String) uses Collection.toArray() with zero-length array argument 228

org.acegisecurity.taglibs.authz.AuthenticationTag

ViolationLine
Dm: Method org.acegisecurity.taglibs.authz.AuthenticationTag.invokeOperation(Object) invokes dubious String.toUpperCase() or String.toLowerCase; use the Locale parameterized version instead 119

org.acegisecurity.taglibs.velocity.AuthzImpl

ViolationLine
DLS: Dead store to local variable in method org.acegisecurity.taglibs.velocity.AuthzImpl.hasPermission(Object,String) 101
DLS: Dead store to local variable in method org.acegisecurity.taglibs.velocity.AuthzImpl.ifGranted(String,int) 129

org.acegisecurity.ui.digestauth.DigestProcessingFilter

ViolationLine
Dm: org.acegisecurity.ui.digestauth.DigestProcessingFilter.encodePasswordInA1Format(String,String,String) invokes dubious new String(String) constructor; just use the argument 385
Dm: org.acegisecurity.ui.digestauth.DigestProcessingFilter.generateDigest(boolean,String,String,String,String,String,String,String,String,String) invokes dubious new String(String) constructor; just use the argument 428
UwF: Field not initialized in constructor: org.acegisecurity.ui.digestauth.DigestProcessingFilter.authenticationEntryPoint 0
UwF: Field not initialized in constructor: org.acegisecurity.ui.digestauth.DigestProcessingFilter.userDetailsService 0

org.acegisecurity.ui.digestauth.DigestProcessingFilterEntryPoint

ViolationLine
Dm: org.acegisecurity.ui.digestauth.DigestProcessingFilterEntryPoint.commence(javax.servlet.ServletRequest,javax.servlet.ServletResponse,org.acegisecurity.AuthenticationException) invokes dubious new String(String) constructor; just use the argument 112

org.acegisecurity.ui.rememberme.TokenBasedRememberMeServices

ViolationLine
Dm: org.acegisecurity.ui.rememberme.TokenBasedRememberMeServices.loginSuccess(javax.servlet.http.HttpServletRequest,javax.servlet.http.HttpServletResponse,org.acegisecurity.Authentication) invokes dubious new String(String) constructor; just use the argument 327
UwF: Field not initialized in constructor: org.acegisecurity.ui.rememberme.TokenBasedRememberMeServices.userDetailsService 0

org.acegisecurity.ui.switchuser.SwitchUserProcessingFilter

ViolationLine
BC: Unchecked/unconfirmed cast from javax.servlet.ServletRequest to class javax.servlet.http.HttpServletRequest in org.acegisecurity.ui.switchuser.SwitchUserProcessingFilter.doFilter(javax.servlet.ServletRequest,javax.servlet.ServletResponse,javax.servlet.FilterChain) 347
UwF: Field not initialized in constructor: org.acegisecurity.ui.switchuser.SwitchUserProcessingFilter.userDetailsService 0

org.acegisecurity.ui.webapp.AuthenticationProcessingFilterEntryPoint

ViolationLine
Dm: Method org.acegisecurity.ui.webapp.AuthenticationProcessingFilterEntryPoint.commence(javax.servlet.ServletRequest,javax.servlet.ServletResponse,org.acegisecurity.AuthenticationException) invokes dubious String.toUpperCase() or String.toLowerCase; use the Locale parameterized version instead 133
BC: Unchecked/unconfirmed cast from javax.servlet.ServletRequest to class javax.servlet.http.HttpServletRequest in org.acegisecurity.ui.webapp.AuthenticationProcessingFilterEntryPoint.commence(javax.servlet.ServletRequest,javax.servlet.ServletResponse,org.acegisecurity.AuthenticationException) 127

org.acegisecurity.ui.webapp.SiteminderAuthenticationProcessingFilter

ViolationLine
Dm: Method org.acegisecurity.ui.webapp.SiteminderAuthenticationProcessingFilter.attemptAuthentication(javax.servlet.http.HttpServletRequest) invokes dubious String.toUpperCase() or String.toLowerCase; use the Locale parameterized version instead 129

org.acegisecurity.userdetails.memory.UserAttributeEditor

ViolationLine
Dm: Method org.acegisecurity.userdetails.memory.UserAttributeEditor.setAsText(String) invokes dubious String.toUpperCase() or String.toLowerCase; use the Locale parameterized version instead 45

org.acegisecurity.userdetails.memory.UserMap

ViolationLine
Dm: Method org.acegisecurity.userdetails.memory.UserMap.getUser(String) invokes dubious String.toUpperCase() or String.toLowerCase; use the Locale parameterized version instead 58
Dm: Method org.acegisecurity.userdetails.memory.UserMap.addUser(org.acegisecurity.userdetails.UserDetails) invokes dubious String.toUpperCase() or String.toLowerCase; use the Locale parameterized version instead 88

org.acegisecurity.acl.basic.cache.BasicAclEntryHolder

ViolationLine
EI2: org.acegisecurity.acl.basic.cache.BasicAclEntryHolder.<init>(org.acegisecurity.acl.basic.BasicAclEntry[]) may expose internal representation by storing an externally mutable object into org.acegisecurity.acl.basic.cache.BasicAclEntryHolder.basicAclEntries 68
EI: org.acegisecurity.acl.basic.cache.BasicAclEntryHolder.getBasicAclEntries() may expose internal representation by returning org.acegisecurity.acl.basic.cache.BasicAclEntryHolder.basicAclEntries 74

org.acegisecurity.acl.basic.cache.EhCacheBasedAclEntryCache

ViolationLine
PZLA: Should org.acegisecurity.acl.basic.cache.EhCacheBasedAclEntryCache.getEntriesFromCache(org.acegisecurity.acl.basic.AclObjectIdentity) return a zero length array rather than null? 79
RCN: Redundant nullcheck of value known to be non-null org.acegisecurity.acl.basic.cache.EhCacheBasedAclEntryCache.getEntriesFromCache(org.acegisecurity.acl.basic.AclObjectIdentity) 83
UwF: Field not initialized in constructor: org.acegisecurity.acl.basic.cache.EhCacheBasedAclEntryCache.cache 0

org.acegisecurity.acl.basic.cache.NullAclEntryCache

ViolationLine
PZLA: Should org.acegisecurity.acl.basic.cache.NullAclEntryCache.getEntriesFromCache(org.acegisecurity.acl.basic.AclObjectIdentity) return a zero length array rather than null? 47

org.acegisecurity.acl.basic.jdbc.JdbcDaoImpl

ViolationLine
PZLA: Should org.acegisecurity.acl.basic.jdbc.JdbcDaoImpl.getAcls(org.acegisecurity.acl.basic.AclObjectIdentity) return a zero length array rather than null? 190
PZLA: Should org.acegisecurity.acl.basic.jdbc.JdbcDaoImpl.getAcls(org.acegisecurity.acl.basic.AclObjectIdentity) return a zero length array rather than null? 198
ITA: Method org.acegisecurity.acl.basic.jdbc.JdbcDaoImpl.getAcls(org.acegisecurity.acl.basic.AclObjectIdentity) uses Collection.toArray() with zero-length array argument 215
ITA: Method org.acegisecurity.acl.basic.jdbc.JdbcDaoImpl.getAcls(org.acegisecurity.acl.basic.AclObjectIdentity) uses Collection.toArray() with zero-length array argument 224

org.acegisecurity.intercept.method.aopalliance.MethodSecurityInterceptor

ViolationLine
NP: Load of known null value in org.acegisecurity.intercept.method.aopalliance.MethodSecurityInterceptor.invoke(org.aopalliance.intercept.MethodInvocation) 82
DLS: Dead store to local variable in method org.acegisecurity.intercept.method.aopalliance.MethodSecurityInterceptor.invoke(org.aopalliance.intercept.MethodInvocation) 82

org.acegisecurity.intercept.method.aspectj.AspectJSecurityInterceptor

ViolationLine
NP: Load of known null value in org.acegisecurity.intercept.method.aspectj.AspectJSecurityInterceptor.invoke(org.aspectj.lang.JoinPoint,AspectJCallback) 90
DLS: Dead store to local variable in method org.acegisecurity.intercept.method.aspectj.AspectJSecurityInterceptor.invoke(org.aspectj.lang.JoinPoint,AspectJCallback) 90

javax.servlet.http.HttpServletRequestWrapper

ViolationLine
Nm: Confusing to have methods javax.servlet.http.HttpServletRequestWrapper.isRequestedSessionIdFromUrl() and javax.servlet.http.HttpServletRequestWrapper.isRequestedSessionIdFromURL() 0

org.acegisecurity.acl.basic.jdbc.JdbcExtendedDaoImpl

ViolationLine
UwF: Field not initialized in constructor: org.acegisecurity.acl.basic.jdbc.JdbcExtendedDaoImpl.aclObjectIdentityDelete 0
UwF: Field not initialized in constructor: org.acegisecurity.acl.basic.jdbc.JdbcExtendedDaoImpl.aclObjectIdentityInsert 0
UwF: Field not initialized in constructor: org.acegisecurity.acl.basic.jdbc.JdbcExtendedDaoImpl.aclPermissionDelete 0
UwF: Field not initialized in constructor: org.acegisecurity.acl.basic.jdbc.JdbcExtendedDaoImpl.aclPermissionInsert 0
UwF: Field not initialized in constructor: org.acegisecurity.acl.basic.jdbc.JdbcExtendedDaoImpl.aclPermissionUpdate 0
UwF: Field not initialized in constructor: org.acegisecurity.acl.basic.jdbc.JdbcExtendedDaoImpl.lookupPermissionIdMapping 0

org.acegisecurity.adapters.AuthByAdapterProvider

ViolationLine
UwF: Field not initialized in constructor: org.acegisecurity.adapters.AuthByAdapterProvider.key 0

org.acegisecurity.afterinvocation.CollectionFilterer

ViolationLine
UwF: Field not initialized in constructor: org.acegisecurity.afterinvocation.CollectionFilterer.collectionIter 0

org.acegisecurity.intercept.AbstractSecurityInterceptor

ViolationLine
UwF: Field not initialized in constructor: org.acegisecurity.intercept.AbstractSecurityInterceptor.accessDecisionManager 0
UwF: Field not initialized in constructor: org.acegisecurity.intercept.AbstractSecurityInterceptor.authenticationManager 0
UwF: Field not initialized in constructor: org.acegisecurity.intercept.AbstractSecurityInterceptor.eventPublisher 0

org.acegisecurity.providers.anonymous.AnonymousProcessingFilter

ViolationLine
UwF: Field not initialized in constructor: org.acegisecurity.providers.anonymous.AnonymousProcessingFilter.userAttribute 0

org.acegisecurity.providers.cas.CasAuthenticationProvider

ViolationLine
UwF: Field not initialized in constructor: org.acegisecurity.providers.cas.CasAuthenticationProvider.casAuthoritiesPopulator 0
UwF: Field not initialized in constructor: org.acegisecurity.providers.cas.CasAuthenticationProvider.casProxyDecider 0
UwF: Field not initialized in constructor: org.acegisecurity.providers.cas.CasAuthenticationProvider.key 0
UwF: Field not initialized in constructor: org.acegisecurity.providers.cas.CasAuthenticationProvider.statelessTicketCache 0
UwF: Field not initialized in constructor: org.acegisecurity.providers.cas.CasAuthenticationProvider.ticketValidator 0

org.acegisecurity.providers.cas.cache.EhCacheBasedTicketCache

ViolationLine
UwF: Field not initialized in constructor: org.acegisecurity.providers.cas.cache.EhCacheBasedTicketCache.cache 0

org.acegisecurity.providers.cas.populator.DaoCasAuthoritiesPopulator

ViolationLine
UwF: Field not initialized in constructor: org.acegisecurity.providers.cas.populator.DaoCasAuthoritiesPopulator.userDetailsService 0

org.acegisecurity.providers.cas.proxy.NamedCasProxyDecider

ViolationLine
UwF: Field not initialized in constructor: org.acegisecurity.providers.cas.proxy.NamedCasProxyDecider.validProxies 0

org.acegisecurity.providers.dao.DaoAuthenticationProvider

ViolationLine
UwF: Field not initialized in constructor: org.acegisecurity.providers.dao.DaoAuthenticationProvider.userDetailsService 0

org.acegisecurity.providers.dao.cache.EhCacheBasedUserCache

ViolationLine
UwF: Field not initialized in constructor: org.acegisecurity.providers.dao.cache.EhCacheBasedUserCache.cache 0

org.acegisecurity.providers.jaas.SecurityContextLoginModule

ViolationLine
UwF: Field not initialized in constructor: org.acegisecurity.providers.jaas.SecurityContextLoginModule.subject 0

org.acegisecurity.providers.rcp.RemoteAuthenticationManagerImpl

ViolationLine
UwF: Field not initialized in constructor: org.acegisecurity.providers.rcp.RemoteAuthenticationManagerImpl.authenticationManager 0

org.acegisecurity.providers.rcp.RemoteAuthenticationProvider

ViolationLine
UwF: Field not initialized in constructor: org.acegisecurity.providers.rcp.RemoteAuthenticationProvider.remoteAuthenticationManager 0

org.acegisecurity.providers.x509.X509AuthenticationProvider

ViolationLine
UwF: Field not initialized in constructor: org.acegisecurity.providers.x509.X509AuthenticationProvider.x509AuthoritiesPopulator 0

org.acegisecurity.providers.x509.cache.EhCacheBasedX509UserCache

ViolationLine
UwF: Field not initialized in constructor: org.acegisecurity.providers.x509.cache.EhCacheBasedX509UserCache.cache 0

org.acegisecurity.providers.x509.populator.DaoX509AuthoritiesPopulator

ViolationLine
UwF: Field not initialized in constructor: org.acegisecurity.providers.x509.populator.DaoX509AuthoritiesPopulator.userDetailsService 0

org.acegisecurity.securechannel.ChannelProcessingFilter

ViolationLine
UwF: Field not initialized in constructor: org.acegisecurity.securechannel.ChannelProcessingFilter.channelDecisionManager 0
UwF: Field not initialized in constructor: org.acegisecurity.securechannel.ChannelProcessingFilter.filterInvocationDefinitionSource 0

org.acegisecurity.ui.basicauth.BasicProcessingFilter

ViolationLine
UwF: Field not initialized in constructor: org.acegisecurity.ui.basicauth.BasicProcessingFilter.authenticationEntryPoint 0
UwF: Field not initialized in constructor: org.acegisecurity.ui.basicauth.BasicProcessingFilter.authenticationManager 0

org.acegisecurity.ui.cas.CasProcessingFilterEntryPoint

ViolationLine
UwF: Field not initialized in constructor: org.acegisecurity.ui.cas.CasProcessingFilterEntryPoint.serviceProperties 0

org.acegisecurity.ui.x509.X509ProcessingFilter

ViolationLine
UwF: Field not initialized in constructor: org.acegisecurity.ui.x509.X509ProcessingFilter.authenticationManager 0

org.acegisecurity.userdetails.memory.InMemoryDaoImpl

ViolationLine
UwF: Field not initialized in constructor: org.acegisecurity.userdetails.memory.InMemoryDaoImpl.userMap 0

org.acegisecurity.util.FilterChainProxy

ViolationLine
UwF: Field not initialized in constructor: org.acegisecurity.util.FilterChainProxy.applicationContext 0
UwF: Field not initialized in constructor: org.acegisecurity.util.FilterChainProxy.filterInvocationDefinitionSource 0

org.acegisecurity.vote.AbstractAclVoter

ViolationLine
UwF: Field not initialized in constructor: org.acegisecurity.vote.AbstractAclVoter.processDomainObjectClass 0

org.acegisecurity.acl.basic.jdbc.JdbcDaoImpl$AclDetailsHolder

ViolationLine
SIC: Should org.acegisecurity.acl.basic.jdbc.JdbcDaoImpl$AclDetailsHolder be a _static_ inner class? 0

org.acegisecurity.acl.basic.jdbc.JdbcExtendedDaoImpl$AclObjectIdentityDelete

ViolationLine
SIC: The class org.acegisecurity.acl.basic.jdbc.JdbcExtendedDaoImpl$AclObjectIdentityDelete could be refactored into a _static_ inner class 0

org.acegisecurity.acl.basic.jdbc.JdbcExtendedDaoImpl$AclObjectIdentityInsert

ViolationLine
SIC: The class org.acegisecurity.acl.basic.jdbc.JdbcExtendedDaoImpl$AclObjectIdentityInsert could be refactored into a _static_ inner class 0

org.acegisecurity.acl.basic.jdbc.JdbcExtendedDaoImpl$AclPermissionDelete

ViolationLine
SIC: The class org.acegisecurity.acl.basic.jdbc.JdbcExtendedDaoImpl$AclPermissionDelete could be refactored into a _static_ inner class 0

org.acegisecurity.acl.basic.jdbc.JdbcExtendedDaoImpl$AclPermissionInsert

ViolationLine
SIC: The class org.acegisecurity.acl.basic.jdbc.JdbcExtendedDaoImpl$AclPermissionInsert could be refactored into a _static_ inner class 0

org.acegisecurity.acl.basic.jdbc.JdbcExtendedDaoImpl$AclPermissionUpdate

ViolationLine
SIC: The class org.acegisecurity.acl.basic.jdbc.JdbcExtendedDaoImpl$AclPermissionUpdate could be refactored into a _static_ inner class 0

org.acegisecurity.acl.basic.jdbc.JdbcExtendedDaoImpl$LookupPermissionIdMapping

ViolationLine
SIC: The class org.acegisecurity.acl.basic.jdbc.JdbcExtendedDaoImpl$LookupPermissionIdMapping could be refactored into a _static_ inner class 0

org.acegisecurity.intercept.method.aopalliance.MethodDefinitionSourceAdvisor$InternalMethodInvocation

ViolationLine
SIC: Should org.acegisecurity.intercept.method.aopalliance.MethodDefinitionSourceAdvisor$InternalMethodInvocation be a _static_ inner class? 0

org.acegisecurity.intercept.web.PathBasedFilterInvocationDefinitionMap$EntryHolder

ViolationLine
SIC: Should org.acegisecurity.intercept.web.PathBasedFilterInvocationDefinitionMap$EntryHolder be a _static_ inner class? 0

org.acegisecurity.intercept.web.RegExpBasedFilterInvocationDefinitionMap$EntryHolder

ViolationLine
SIC: Should org.acegisecurity.intercept.web.RegExpBasedFilterInvocationDefinitionMap$EntryHolder be a _static_ inner class? 0

org.acegisecurity.taglibs.velocity.AuthzImpl$MyAclTag

ViolationLine
SIC: Should org.acegisecurity.taglibs.velocity.AuthzImpl$MyAclTag be a _static_ inner class? 0

org.acegisecurity.taglibs.velocity.AuthzImpl$MyAuthenticationTag

ViolationLine
SIC: Should org.acegisecurity.taglibs.velocity.AuthzImpl$MyAuthenticationTag be a _static_ inner class? 0

org.acegisecurity.userdetails.jdbc.JdbcDaoImpl$UsersByUsernameMapping

ViolationLine
SIC: The class org.acegisecurity.userdetails.jdbc.JdbcDaoImpl$UsersByUsernameMapping could be refactored into a _static_ inner class 0

org.acegisecurity.util.FilterChainProxy$VirtualFilterChain

ViolationLine
SIC: Should org.acegisecurity.util.FilterChainProxy$VirtualFilterChain be a _static_ inner class? 0