SEC-896: Changed result.toString() to String.valueOf(result) in tag class to prevent NPE when value of property is null

taglibs/src/main/java/org/springframework/security/taglibs/authz/AuthenticationTag.java

@@ -33,7 +33,7 @@ import javax.servlet.jsp.tagext.TagSupport;
 
 /**
  * An {@link javax.servlet.jsp.tagext.Tag} implementation that allows convenient access to the current
- * <code>Authentication</code> object. The <tt>operation</tt> attribute
+ * <code>Authentication</code> object.
  * <p>
  * Whilst JSPs can access the <code>SecurityContext</code> directly, this tag avoids handling <code>null</code> conditions.
  *
@@ -93,7 +93,8 @@ public class AuthenticationTag extends TagSupport {
 
             if (auth.getPrincipal() == null) {
                 return Tag.EVAL_PAGE;
-            } else {
+            }
+            
             try {
                 BeanWrapperImpl wrapper = new BeanWrapperImpl(auth);
                 result = wrapper.getPropertyValue(property);
@@ -101,7 +102,6 @@ public class AuthenticationTag extends TagSupport {
                 throw new JspException(e);
             }
         }
-        }
 
         if (var != null) {
             /*
@@ -120,7 +120,7 @@ public class AuthenticationTag extends TagSupport {
                 }
             }
         } else {
-            writeMessage(result.toString());
+            writeMessage(String.valueOf(result));
         }
         return EVAL_PAGE;
     }