Bugs item #1034146, was opened at 2004-09-24 10:49
Message generated for change (Tracker Item Submitted) made by Item Submitter
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=376685&aid=1034146&group_id=22866
Category: JBossServer
Group: v3.2
Status: Open
Resolution: None
Priority: 5
Submitted By: sappenin (sappenin)
Assigned to: Nobody/Anonymous (nobody)
Summary: NPE JBossSecurityMgrRealm.hasRole() Line 428
Initial Comment:
I'm getting a NPE in
org.jboss.web.tomcat.security.JBossSecurityMgrRealm.hasRole(JBossSecurityMgrRealm.java:428)
on line 428.
I'm not sure why my security context is null, but it
is. So, if we start at line 407... when the
securityCtx reference is null, the server logs a
warning "Warning: no security context available". The
boolean variable "hasRole" is left with its default
value of "false", which funnels the code into the
"else" block at line 426. Here, the object
"securityCtx" is used, but is still "null", resulting
in an NPE.
At the very least, the code should be checking to see
if the "securityCtx" reference on line 428 is null or
not. However, the previous if/else block (starting on
line 407) will guarantee that if the "securityCtx" is
null, then the "hasRole" variable will always be false.
So, it doesn't really make sense to be trying to EVER
access the "securityCtx" object on line 428 since this
will always be null given the current setup.
   /**
    * Return <code>true</code> if the specified Principal has the specified
    * security role, within the context of this Realm; otherwise return
    * <code>false</code>.
    *
    * @param principal Principal for whom the role is to be checked
    * @param role Security role to be checked
    */
   public boolean hasRole(Principal principal, String role)
   {
      if( trace )
         log.trace("Begin hasRole, principal=" + principal + ", role=" + role);
      boolean hasRole = false;
      try
      {
         Set requiredRoles = new HashSet();
         requiredRoles.add(new SimplePrincipal(role));
         // Get the JBoss security manager from the ENC context
         Context securityCtx = getSecurityContext();
         if (securityCtx != null)
         {
            RealmMapping securityMgr = (RealmMapping) securityCtx.lookup("realmMapping");
            // Check for a callerPrincipal mapping
            Principal authPrincipal = (Principal) userPrincipalMap.get(principal);
            if( authPrincipal == null )
               authPrincipal = principal;
            hasRole = securityMgr.doesUserHaveRole(authPrincipal, requiredRoles);
         }
         else
         {
            log.warn("Warning: no security context available");
         }
         if (hasRole)
         {
            if( trace )
               log.trace("User: " + principal + " is authorized");
         }
         else
         {
            RealmMapping securityMgr = (RealmMapping) securityCtx.lookup("realmMapping");
            Set userRoles = securityMgr.getUserRoles(principal);
            if( trace )
               log.trace("User: " + principal + " is NOT authorized, requiredRoles="
                  + requiredRoles + ", userRoles=" + userRoles);
         }
      }
      catch (NamingException e)
      {
         log.error("Error during authorize", e);
      }
      if( trace )
         log.trace("End hasRole, principal=" + principal + ", role=" + role
            + ", hasRole=" + hasRole);
      return hasRole;
   }
----------------------------------------------------------------------
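One way to restructure the check the report describes, as an added example that is not part of the original report or the JBoss source: deny and return as soon as the context is missing, and look the manager up once so the "not authorized" diagnostics cannot dereference a null reference. The class name, the Map used in place of the JNDI Context, and the cut-down RealmMapping interface are assumptions made so the example runs on its own.

```java
import java.security.Principal;
import java.util.Collections;
import java.util.HashSet;
import java.util.Map;
import java.util.Set;

public class NullSafeHasRole {
    // Hypothetical stand-in for JBoss's RealmMapping, reduced to the two calls in the report.
    interface RealmMapping {
        boolean doesUserHaveRole(Principal p, Set<String> requiredRoles);
        Set<String> getUserRoles(Principal p);
    }

    // securityCtx is a Map standing in for the JNDI Context; null means "no security context".
    static boolean hasRole(Map<String, Object> securityCtx, Principal principal, String role) {
        if (securityCtx == null) {
            // Fail closed and return early: nothing below may touch securityCtx.
            System.err.println("WARN no security context available, denying role=" + role);
            return false;
        }
        // Look the manager up once and reuse it for both the decision and the diagnostics.
        RealmMapping securityMgr = (RealmMapping) securityCtx.get("realmMapping");
        if (securityMgr == null) {
            System.err.println("WARN realmMapping not bound, denying role=" + role);
            return false;
        }
        Set<String> requiredRoles = Collections.singleton(role);
        boolean hasRole = securityMgr.doesUserHaveRole(principal, requiredRoles);
        if (!hasRole) {
            System.err.println("TRACE " + principal.getName() + " NOT authorized, requiredRoles="
                + requiredRoles + ", userRoles=" + securityMgr.getUserRoles(principal));
        }
        return hasRole;
    }

    public static void main(String[] args) {
        Principal alice = () -> "alice";               // constructed sample principal
        Set<String> granted = new HashSet<>(Collections.singleton("user"));
        RealmMapping mgr = new RealmMapping() {
            public boolean doesUserHaveRole(Principal p, Set<String> req) {
                return granted.containsAll(req);
            }
            public Set<String> getUserRoles(Principal p) { return granted; }
        };
        Map<String, Object> ctx = Collections.<String, Object>singletonMap("realmMapping", mgr);
        System.out.println("user, ctx bound:   " + hasRole(ctx, alice, "user"));
        System.out.println("admin, ctx bound:  " + hasRole(ctx, alice, "admin"));
        System.out.println("admin, ctx absent: " + hasRole(null, alice, "admin"));
    }
}
```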