[ 
https://issues.apache.org/jira/browse/SYNCOPE-1867?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Misagh Moayyed resolved SYNCOPE-1867.
-------------------------------------
    Resolution: Fixed

> Prevent NPE when fetching realm entitlements to enforce authorization
> ---------------------------------------------------------------------
>
>                 Key: SYNCOPE-1867
>                 URL: https://issues.apache.org/jira/browse/SYNCOPE-1867
>             Project: Syncope
>          Issue Type: Bug
>          Components: console, core
>    Affects Versions: 3.0.10, 4.0.0-M0
>            Reporter: Misagh Moayyed
>            Assignee: Misagh Moayyed
>            Priority: Major
>             Fix For: 3.0.11, 4.0.0
>
>
> To reproduce:
>  # Log in to Syncope console with a user that does not have the entitlement, 
> `IdRepoEntitlement.REALM_SEARCH`
>  # On the dashboard, attempt to browse to the list of users in the realm
>  # See this error in the logs:
> {code:java}
> java.lang.NullPointerException: Cannot invoke "java.util.Set.stream()" 
> because the return value of "java.util.Map.get(Object)" is null
>     at 
> org.apache.syncope.core.logic.RealmLogic.lambda$search$2(RealmLogic.java:135) 
> ~[syncope-core-idrepo-logic-4.0.0-SNAPSHOT.jar:4.0.0-SNAPSHOT]
>     at 
> java.base/java.util.stream.ReferencePipeline$3$1.accept(ReferencePipeline.java:197)
>  ~[?:?]
>     at java.base/java.util.Iterator.forEachRemaining(Iterator.java:133) ~[?:?]
>     at 
> java.base/java.util.Spliterators$IteratorSpliterator.forEachRemaining(Spliterators.java:1939)
>  ~[?:?]
>     at 
> java.base/java.util.stream.AbstractPipeline.copyInto(AbstractPipeline.java:509)
>  ~[?:?]
>     at 
> java.base/java.util.stream.AbstractPipeline.wrapAndCopyInto(AbstractPipeline.java:499)
>  ~[?:?]
>     at 
> java.base/java.util.stream.AbstractPipeline.evaluate(AbstractPipeline.java:575)
>  ~[?:?]
>     at 
> java.base/java.util.stream.AbstractPipeline.evaluateToArrayNode(AbstractPipeline.java:260)
>  ~[?:?]
>     at 
> java.base/java.util.stream.ReferencePipeline.toArray(ReferencePipeline.java:616)
>  ~[?:?]
>     at 
> java.base/java.util.stream.ReferencePipeline.toArray(ReferencePipeline.java:622)
>  ~[?:?]
>     at 
> java.base/java.util.stream.ReferencePipeline.toList(ReferencePipeline.java:627)
>  ~[?:?]
>     at org.apache.syncope.core.logic.RealmLogic.search(RealmLogic.java:138) 
> ~[syncope-core-idrepo-logic-4.0.0-SNAPSHOT.jar:4.0.0-SNAPSHOT]
>     at 
> java.base/jdk.internal.reflect.DirectMethodHandleAccessor.invoke(DirectMethodHandleAccessor.java:103)
>  ~[?:?]
>     at java.base/java.lang.reflect.Method.invoke(Method.java:580) ~[?:?]
>     at 
> org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:359)
>  ~[spring-aop-6.2.3.jar:6.2.3]
>     at 
> org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoi 
> {code}
> The realm search functionality in `RealmLogic` is attempting to find the 
> entitlement before executing the search. When it is not found, the null 
> result produces the error. This is the affected line:
> {code:java}
> AuthContextUtils.getAuthorizations().get(IdRepoEntitlement.REALM_SEARCH).stream().
>  {code}
>  
> To fix, update the line to use a default empty set when the entitlement is 
> not found:
> {code:java}
> AuthContextUtils.getAuthorizations().getOrDefault(IdRepoEntitlement.REALM_SEARCH,
>  Set.of());
> {code}
> Then, examine other Logic components to find similar matches and instances 
> and fix, if any.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)
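
The lookup pattern described in the issue, as an added example that is not Syncope code: it contrasts `Map.get` with `Map.getOrDefault(..., Set.of())` for a caller who lacks an entitlement. The class, method names, string keys and sample realms are hypothetical, and the map shape (entitlement name to granted realm paths) is an assumption.

```java
import java.util.List;
import java.util.Map;
import java.util.Set;

public class EntitlementLookupDemo {

    // Constructed sample: entitlement name -> realm paths it is granted on.
    // This caller holds USER_SEARCH but not REALM_SEARCH.
    static final Map<String, Set<String>> AUTHORIZATIONS =
            Map.of("USER_SEARCH", Set.of("/even"));

    // Constructed sample realm tree.
    static final List<String> REALMS = List.of("/", "/even", "/even/two", "/evening", "/odd");

    // A grant covers the realm itself and its descendants, matched on path
    // segments so that "/even" does not cover "/evening".
    static boolean covers(String granted, String realm) {
        return realm.equals(granted)
                || realm.startsWith(granted.endsWith("/") ? granted : granted + "/");
    }

    static List<String> visibleRealms(Set<String> granted) {
        return REALMS.stream()
                .filter(realm -> granted.stream().anyMatch(g -> covers(g, realm)))
                .toList();
    }

    // "Before" shape: get() returns null for a missing key, so the filter throws.
    static List<String> searchUnsafe(String entitlement) {
        return visibleRealms(AUTHORIZATIONS.get(entitlement));
    }

    // "After" shape: a missing entitlement becomes an empty grant set, so the
    // filter authorizes nothing (fail closed) and no exception escapes.
    static List<String> searchSafe(String entitlement) {
        return visibleRealms(AUTHORIZATIONS.getOrDefault(entitlement, Set.of()));
    }

    public static void main(String[] args) {
        try {
            searchUnsafe("REALM_SEARCH");
        } catch (NullPointerException e) {
            System.out.println("unsafe lookup threw " + e.getClass().getSimpleName());
        }
        System.out.println("safe, entitlement missing: " + searchSafe("REALM_SEARCH"));
        System.out.println("safe, entitlement held:    " + searchSafe("USER_SEARCH"));
    }
}
```

With the empty default, an unentitled caller gets an empty result rather than an unhandled exception, and the grant check still runs for every realm.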
