Author: angela
Date: Wed Mar 25 09:30:27 2015
New Revision: 1669079
URL: http://svn.apache.org/r1669079
Log:
OAK-2672 : Possible null pointer dereferences in ExternalLoginModule
Modified:
jackrabbit/oak/trunk/oak-auth-external/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/external/impl/ExternalLoginModule.java
Modified:
jackrabbit/oak/trunk/oak-auth-external/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/external/impl/ExternalLoginModule.java
URL:
http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-auth-external/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/external/impl/ExternalLoginModule.java?rev=1669079&r1=1669078&r2=1669079&view=diff
==============================================================================
---
jackrabbit/oak/trunk/oak-auth-external/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/external/impl/ExternalLoginModule.java
(original)
+++
jackrabbit/oak/trunk/oak-auth-external/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/external/impl/ExternalLoginModule.java
Wed Mar 25 09:30:27 2015
@@ -43,6 +43,7 @@ import org.apache.jackrabbit.oak.spi.sec
import
org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalIdentityException;
import
org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalIdentityProvider;
import
org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalIdentityProviderManager;
+import
org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalIdentityRef;
import
org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalUser;
import
org.apache.jackrabbit.oak.spi.security.authentication.external.SyncContext;
import
org.apache.jackrabbit.oak.spi.security.authentication.external.SyncException;
@@ -183,18 +184,19 @@ public class ExternalLoginModule extends
try {
SyncedIdentity sId = null;
- if (userId != null) {
- sId = syncHandler.findIdentity(getUserManager(), userId);
- // if there exists an authorizable with the given userid but
is not an external one or if it belongs to
- // another IDP, we just ignore it.
+ UserManager userMgr = getUserManager();
+ if (userId != null && userMgr != null) {
+ sId = syncHandler.findIdentity(userMgr, userId);
+ // if there exists an authorizable with the given userid but is
+ // not an external one or if it belongs to another IDP, we
just ignore it.
if (sId != null) {
- if (sId.getExternalIdRef() == null) {
+ ExternalIdentityRef externalIdRef = sId.getExternalIdRef();
+ if (externalIdRef == null) {
log.debug("ignoring local user: {}", sId.getId());
return false;
- }
- if
(!sId.getExternalIdRef().getProviderName().equals(idp.getName())) {
+ } else if
(!idp.getName().equals(externalIdRef.getProviderName())) {
if (log.isDebugEnabled()) {
- log.debug("ignoring foreign identity: {}
(idp={})", sId.getExternalIdRef().getString(), idp.getName());
+ log.debug("ignoring foreign identity: {}
(idp={})", externalIdRef.getString(), idp.getName());
}
return false;
}
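Review bot: When `getUserManager()` returns null, the new condition `userId != null && userMgr != null` silently skips the whole local-user / foreign-IDP check, so `sId` stays null and execution continues past the hunk as if no conflicting authorizable existed. For a login module that is a fail-open path: the guard that makes the module ignore local users and identities owned by another IDP is never evaluated, and nothing is logged. Consider handling the missing manager explicitly before the lookup, e.g. `if (userMgr == null) { log.debug("no UserManager available, ignoring login for {}", userId); return false; }`, or at least logging it so the skipped check is visible. The enclosing try block and method start and end outside this hunk, so the effect on the later authentication and sync steps should be confirmed there.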
@@ -357,7 +359,8 @@ public class ExternalLoginModule extends
}
- private AuthInfo createAuthInfo(String userId, Set<? extends Principal>
principals) {
+ @Nonnull
+ private AuthInfo createAuthInfo(@Nonnull String userId, @Nonnull Set<?
extends Principal> principals) {
Credentials creds;
if (credentials instanceof ImpersonationCredentials) {
creds = ((ImpersonationCredentials)
credentials).getBaseCredentials();