SIMJIYEON93 opened a new pull request, #2066:
URL: https://github.com/apache/shiro/pull/2066
### What does this PR do?
This PR fixes a potential NullPointerException (NPE) in
`DefaultLdapRealm#getLdapPrincipal` when the `AuthenticationToken`'s principal
is `null`.
Additionally, it updates the JavaDoc to clarify the behavior and adds a new
unit test to verify the change.
---
### Changes
1. **Bug Fix in DefaultLdapRealm#getLdapPrincipal()**
- Before: If `token.getPrincipal()` was `null`, a `NullPointerException`
could occur.
- After: Explicitly throw `AuthenticationException` when principal is
`null`.
- **Code snippet:**
```java
protected Object getLdapPrincipal(AuthenticationToken token) {
    Object principal = token.getPrincipal();
    if (principal == null) {
        throw new AuthenticationException("No principal found for provided credentials");
    }
    if (principal instanceof String) {
        String sPrincipal = (String) principal;
        return getUserDn(sPrincipal);
    }
    return principal;
}
```
2. **JavaDoc Update for getLdapPrincipal()**
- Updated JavaDoc in two methods:
- `queryForAuthenticationInfo()`
```java
// Before
@throws NamingException if any LDAP errors occur.
// After
@throws AuthenticationException if no principal is found or LDAP
authentication fails.
@throws NamingException if any LDAP errors occur.
```
- `getLdapPrincipal()`
```java
// Added
@throws AuthenticationException if the principal is null
// Also added in description:
If the token's {@code principal} is {@code null}, an {@link
AuthenticationException} will be thrown.
```
3. **DefaultLdapRealmTest.java**
- Added a new unit test to verify that `AuthenticationException` is
thrown when principal is `null`.
- **Test snippet:**
```java
@Test
void testGetLdapPrincipalNullPrincipal() {
    AuthenticationToken token = new AuthenticationToken() {
        @Override
        public Object getPrincipal() {
            return null;
        }

        @Override
        public Object getCredentials() {
            return "secret";
        }
    };
    assertThrows(AuthenticationException.class, () -> {
        realm.getLdapPrincipal(token);
    });
}
```
---
### Additional Notes
- This PR was tested locally with `mvn verify` to ensure no regressions.
---
### Related Issue
fixes #2069
---
### License
✅ I hereby declare this contribution to be licensed under the [Apache
License Version 2.0, January 2004](http://www.apache.org/licenses/LICENSE-2.0).
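The following JUnit 5 test is an added example, not part of this PR or of Shiro's own test suite: it exercises all three paths of the patched `getLdapPrincipal` (null principal, `String` principal resolved through the configured user DN template, non-`String` principal passed through). It assumes it lives in the `org.apache.shiro.realm.ldap` package so the protected method is reachable, and the DN template value is a constructed sample.

```java
package org.apache.shiro.realm.ldap;

import static org.junit.jupiter.api.Assertions.assertEquals;
import static org.junit.jupiter.api.Assertions.assertSame;
import static org.junit.jupiter.api.Assertions.assertThrows;

import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.junit.jupiter.api.Test;

class GetLdapPrincipalPathsTest {

    // Constructed sample template; getUserDn() substitutes the username for {0}.
    private final DefaultLdapRealm realm = new DefaultLdapRealm();

    GetLdapPrincipalPathsTest() {
        realm.setUserDnTemplate("uid={0},ou=users,dc=example,dc=com");
    }

    // Hypothetical token whose principal is a non-String object.
    private static AuthenticationToken tokenWithPrincipal(Object principal) {
        return new AuthenticationToken() {
            @Override
            public Object getPrincipal() {
                return principal;
            }

            @Override
            public Object getCredentials() {
                return "secret";
            }
        };
    }

    @Test
    void nullPrincipalIsRejectedWithAuthenticationException() {
        // Before the fix this path surfaced as a NullPointerException.
        assertThrows(AuthenticationException.class,
                () -> realm.getLdapPrincipal(tokenWithPrincipal(null)));
    }

    @Test
    void stringPrincipalIsExpandedToUserDn() {
        Object dn = realm.getLdapPrincipal(new UsernamePasswordToken("jdoe", "secret"));
        assertEquals("uid=jdoe,ou=users,dc=example,dc=com", dn);
    }

    @Test
    void nonStringPrincipalIsReturnedUnchanged() {
        Object custom = new Object();
        assertSame(custom, realm.getLdapPrincipal(tokenWithPrincipal(custom)));
    }
}
```

Failing authentication with a typed `AuthenticationException` rather than an NPE keeps the null-principal case on the realm's normal failure path, where callers already log and handle it, instead of surfacing as an unhandled server error.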