Misagh Moayyed created SYNCOPE-1867:
---------------------------------------

             Summary: Prevent NPE when fetching realm entitlements to enforce authorization
                 Key: SYNCOPE-1867
                 URL: https://issues.apache.org/jira/browse/SYNCOPE-1867
             Project: Syncope
          Issue Type: Bug
          Components: console, core
    Affects Versions: 4.0.0-M0, 3.0.10
            Reporter: Misagh Moayyed
            Assignee: Misagh Moayyed
             Fix For: 3.0.11, 4.0.0


To reproduce:
 # Log in to the Syncope console as a user that does not have the `IdRepoEntitlement.REALM_SEARCH` entitlement
 # On the dashboard, attempt to browse to the list of users in the realm
 # See this error in the logs:

{code:java}
java.lang.NullPointerException: Cannot invoke "java.util.Set.stream()" because the return value of "java.util.Map.get(Object)" is null
    at org.apache.syncope.core.logic.RealmLogic.lambda$search$2(RealmLogic.java:135) ~[syncope-core-idrepo-logic-4.0.0-SNAPSHOT.jar:4.0.0-SNAPSHOT]
    at java.base/java.util.stream.ReferencePipeline$3$1.accept(ReferencePipeline.java:197) ~[?:?]
    at java.base/java.util.Iterator.forEachRemaining(Iterator.java:133) ~[?:?]
    at java.base/java.util.Spliterators$IteratorSpliterator.forEachRemaining(Spliterators.java:1939) ~[?:?]
    at java.base/java.util.stream.AbstractPipeline.copyInto(AbstractPipeline.java:509) ~[?:?]
    at java.base/java.util.stream.AbstractPipeline.wrapAndCopyInto(AbstractPipeline.java:499) ~[?:?]
    at java.base/java.util.stream.AbstractPipeline.evaluate(AbstractPipeline.java:575) ~[?:?]
    at java.base/java.util.stream.AbstractPipeline.evaluateToArrayNode(AbstractPipeline.java:260) ~[?:?]
    at java.base/java.util.stream.ReferencePipeline.toArray(ReferencePipeline.java:616) ~[?:?]
    at java.base/java.util.stream.ReferencePipeline.toArray(ReferencePipeline.java:622) ~[?:?]
    at java.base/java.util.stream.ReferencePipeline.toList(ReferencePipeline.java:627) ~[?:?]
    at org.apache.syncope.core.logic.RealmLogic.search(RealmLogic.java:138) ~[syncope-core-idrepo-logic-4.0.0-SNAPSHOT.jar:4.0.0-SNAPSHOT]
    at java.base/jdk.internal.reflect.DirectMethodHandleAccessor.invoke(DirectMethodHandleAccessor.java:103) ~[?:?]
    at java.base/java.lang.reflect.Method.invoke(Method.java:580) ~[?:?]
    at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:359) ~[spring-aop-6.2.3.jar:6.2.3]
    at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoi
{code}
The realm search functionality in `RealmLogic` looks up the entitlement before
executing the search. When the entitlement is not found, the lookup returns null
and the call on that null result produces the error above. This is the affected line:
{code:java}
AuthContextUtils.getAuthorizations().get(IdRepoEntitlement.REALM_SEARCH).stream().
{code}

To fix, update the line to use a default empty set when the entitlement is not 
found:
{code:java}
AuthContextUtils.getAuthorizations().getOrDefault(IdRepoEntitlement.REALM_SEARCH, Set.of());
{code}
Then, examine the other Logic components for similar instances and fix any that
are found.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)