NPE in AuthenticationManager backchannelLogout #23306
Description
Before reporting an issue
- I have searched existing issues
- I have reproduced the issue with the latest nightly release
Area
core
Describe the bug
In a customer project we observed UncaughtServerErrors which where caused by NPEs being thrown in AuthenticationManager#backchannelLogout. This is caused by accessing the user variable obtained from userSession.getUser() without a proper null check.
Version
22.0.1
Expected behavior
Should logout null for the username instead of throwing a NPE.
Actual behavior
BackchannelLogout sometimes yields an UncaughtServerError based on an NPE in AuthenticationManager#backchannelLogout.
How to Reproduce?
Hard to reproduce, as we need to create the sitation where the userSession is still present but the user object is gone.
Anything else?
No response