[
https://issues.apache.org/jira/browse/SHIRO-685?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Francois Papon resolved SHIRO-685.
----------------------------------
Resolution: Resolved
> Potential NullPointerException if PermissionResolver return null/empty string
> -----------------------------------------------------------------------------
>
> Key: SHIRO-685
> URL: https://issues.apache.org/jira/browse/SHIRO-685
> Project: Shiro
> Issue Type: Bug
> Reporter: Brian Demers
> Assignee: Francois Papon
> Priority: Minor
> Fix For: 1.5.0
>
> Time Spent: 1h
> Remaining Estimate: 0h
>
> Reported via email on a private list
> Email contents:
> When judging whether a person has permission or not, if null or ""
> in the permissionSet, it throws new Illegal ArgumentException ("
> Wildcard string cannot be null or empty. Make sure permission strings
> are properly formatted "). but if null or "" in the roleSet, it's no
> problem
> so i suggest yours to adding a judgement (I'm sorry that I had
> create a new file in github because I can't find a page to submit
> issues. I'm sorry for the trouble)
> Here is the code(Code
> address:org.apache.shiro.realm.AuthorizingRealm, method:private
> Collection<Permission> resolvePermissions(Collection<String>
> stringPerms)):
> --------------------------------------The original
> code:--------------------------------------
> {code}
> private Collection<Permission> resolvePermissions(Collection<String>
> stringPerms)
> {
> Collection<Permission> perms = Collections.emptySet();
> PermissionResolver resolver = getPermissionResolver();
> if ((resolver != null) && (!CollectionUtils.isEmpty(stringPerms)))
> {
> perms = new LinkedHashSet(stringPerms.size());
> for (String strPermission : stringPerms)
> {
> Permission permission = resolver.resolvePermission(strPermission);
> perms.add(permission);
> }
> }
> return perms;
> }
> {code}
> --------------------------------------my code1(I suggest this
> way):--------------------------------------
> {code}
> private Collection<Permission> resolvePermissions(Collection<String>
> stringPerms)
> {
> Collection<Permission> perms = Collections.emptySet();
> PermissionResolver resolver = getPermissionResolver();
> if ((resolver != null) && (!CollectionUtils.isEmpty(stringPerms)))
> {
> perms = new LinkedHashSet(stringPerms.size());
> for (String strPermission : stringPerms)
> {
>
> //对数据库中的permission进行判断,因为WildcardPermission中的setParts里StringUtils.clean(wildcardString);会把""转为null
> if(StringUtils.isBlank(strPermission))
> continue;
> Permission permission = resolver.resolvePermission(strPermission);
> perms.add(permission);
> }
> }
> return perms;
> }
> {code}
> --------------------------------------or my
> code2--------------------------------------
> {code}
> private Collection<Permission> resolvePermissions(Collection<String>
> stringPerms)
> {
> Collection<Permission> perms = Collections.emptySet();
> PermissionResolver resolver = getPermissionResolver();
> //此处进行判断,如果数据库中的permission集合set中有null对象,删掉
> Collection<String> newStrPerms = new HashSet<String>();
> for(String permission : stringPerms)
> {
> if(StringUtils.isBlank(permission))
> newStrPerms.add(permission);
> }
> stringPerms = newStrPerms;
> if ((resolver != null) && (!CollectionUtils.isEmpty(stringPerms)))
> {
> perms = new LinkedHashSet(stringPerms.size());
> for (String strPermission : stringPerms)
> {
> Permission permission = resolver.resolvePermission(strPermission);
> perms.add(permission);
> }
> }
> return perms;
> }
> {code}
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
