Author: tripod
Date: Fri Oct 2 19:23:50 2015
New Revision: 1706478
URL: http://svn.apache.org/viewvc?rev=1706478&view=rev
Log:
OAK-3311 Potential NPE in syncAllExternalUsers() aborts the process
Modified:
jackrabbit/oak/branches/1.0/oak-auth-external/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/external/impl/jmx/SyncMBeanImpl.java
jackrabbit/oak/branches/1.0/oak-auth-external/src/test/java/org/apache/jackrabbit/oak/spi/security/authentication/external/ExternalLoginModuleTestBase.java
jackrabbit/oak/branches/1.0/oak-auth-ldap/src/main/java/org/apache/jackrabbit/oak/security/authentication/ldap/impl/LdapIdentityProvider.java
Modified:
jackrabbit/oak/branches/1.0/oak-auth-external/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/external/impl/jmx/SyncMBeanImpl.java
URL:
http://svn.apache.org/viewvc/jackrabbit/oak/branches/1.0/oak-auth-external/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/external/impl/jmx/SyncMBeanImpl.java?rev=1706478&r1=1706477&r2=1706478&view=diff
==============================================================================
---
jackrabbit/oak/branches/1.0/oak-auth-external/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/external/impl/jmx/SyncMBeanImpl.java
(original)
+++
jackrabbit/oak/branches/1.0/oak-auth-external/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/external/impl/jmx/SyncMBeanImpl.java
Fri Oct 2 19:23:50 2015
@@ -163,9 +163,7 @@ public class SyncMBeanImpl implements Sy
SyncResult r = context.sync(userId);
systemSession.save();
result.add(getJSONString(r));
- } catch (SyncException e) {
- log.warn("Error while syncing user {}", userId, e);
- } catch (RepositoryException e) {
+ } catch (Exception e) {
log.warn("Error while syncing user {}", userId, e);
}
}
@@ -190,9 +188,8 @@ public class SyncMBeanImpl implements Sy
SyncResult r = context.sync(id.getId());
systemSession.save();
list.add(getJSONString(r));
- } catch (SyncException e) {
- list.add(getJSONString(id, e));
- } catch (RepositoryException e) {
+ } catch (Exception e) {
+ log.error("Error while syncing user {}", id, e);
list.add(getJSONString(id, e));
}
}
@@ -228,9 +225,8 @@ public class SyncMBeanImpl implements Sy
} catch (ExternalIdentityException e) {
log.warn("error while fetching the external identity {}",
externalId, e);
list.add(getJSONString(ref, e));
- } catch (SyncException e) {
- list.add(getJSONString(ref, e));
- } catch (RepositoryException e) {
+ } catch (Exception e) {
+ log.error("Error while syncing user {}", ref, e);
list.add(getJSONString(ref, e));
}
}
@@ -251,10 +247,18 @@ public class SyncMBeanImpl implements Sy
try {
SyncResult r = context.sync(user);
systemSession.save();
+ if (r.getIdentity() == null) {
+ r = new DefaultSyncResultImpl(
+ new DefaultSyncedIdentity(user.getId(),
user.getExternalId(), false, -1),
+ SyncResult.Status.NO_SUCH_IDENTITY
+ );
+ log.warn("sync failed. {}", r.getIdentity());
+ } else {
+ log.info("synced {}", r.getIdentity());
+ }
list.add(getJSONString(r));
- } catch (SyncException e) {
- list.add(getJSONString(user.getExternalId(), e));
- } catch (RepositoryException e) {
+ } catch (Exception e) {
+ log.error("Error while syncing user {}", user, e);
list.add(getJSONString(user.getExternalId(), e));
}
}
@@ -275,16 +279,19 @@ public class SyncMBeanImpl implements Sy
while (iter.hasNext()) {
SyncedIdentity id = iter.next();
if (isMyIDP(id)) {
- ExternalIdentity extId =
idp.getIdentity(id.getExternalIdRef());
- if (extId == null) {
- list.add(id.getId());
+ try {
+ ExternalIdentityRef ref = id.getExternalIdRef();
+ ExternalIdentity extId = ref == null ? null :
idp.getIdentity(ref);
+ if (extId == null) {
+ list.add(id.getId());
+ }
+ } catch (Exception e) {
+ log.error("Error while fetching external identity
{}", id, e);
}
}
}
} catch (RepositoryException e) {
log.error("Error while listing orphaned users", e);
- } catch (ExternalIdentityException e) {
- log.error("Error while fetching external identity", e);
}
return list.toArray(new String[list.size()]);
}
@@ -301,9 +308,7 @@ public class SyncMBeanImpl implements Sy
SyncResult r = context.sync(userId);
systemSession.save();
result.add(getJSONString(r));
- } catch (SyncException e) {
- log.warn("Error while syncing user {}", userId, e);
- } catch (RepositoryException e) {
+ } catch (Exception e) {
log.warn("Error while syncing user {}", userId, e);
}
}
Modified:
jackrabbit/oak/branches/1.0/oak-auth-external/src/test/java/org/apache/jackrabbit/oak/spi/security/authentication/external/ExternalLoginModuleTestBase.java
URL:
http://svn.apache.org/viewvc/jackrabbit/oak/branches/1.0/oak-auth-external/src/test/java/org/apache/jackrabbit/oak/spi/security/authentication/external/ExternalLoginModuleTestBase.java?rev=1706478&r1=1706477&r2=1706478&view=diff
==============================================================================
---
jackrabbit/oak/branches/1.0/oak-auth-external/src/test/java/org/apache/jackrabbit/oak/spi/security/authentication/external/ExternalLoginModuleTestBase.java
(original)
+++
jackrabbit/oak/branches/1.0/oak-auth-external/src/test/java/org/apache/jackrabbit/oak/spi/security/authentication/external/ExternalLoginModuleTestBase.java
Fri Oct 2 19:23:50 2015
@@ -36,6 +36,7 @@ import org.apache.jackrabbit.oak.spi.sec
import
org.apache.jackrabbit.oak.spi.security.authentication.external.impl.ExternalIDPManagerImpl;
import
org.apache.jackrabbit.oak.spi.security.authentication.external.impl.ExternalLoginModule;
import
org.apache.jackrabbit.oak.spi.security.authentication.external.impl.SyncManagerImpl;
+import
org.apache.jackrabbit.oak.spi.security.authentication.external.impl.jmx.SynchronizationMBean;
import org.apache.jackrabbit.oak.spi.whiteboard.Registration;
import org.apache.jackrabbit.oak.spi.whiteboard.Whiteboard;
import org.junit.After;
@@ -58,6 +59,10 @@ public abstract class ExternalLoginModul
protected ExternalIdentityProvider idp;
+ protected SyncManager syncManager;
+
+ protected ExternalIdentityProviderManager idpManager;
+
protected DefaultSyncConfig syncConfig;
@Before
@@ -123,8 +128,10 @@ public abstract class ExternalLoginModul
// register non-OSGi managers
whiteboard = oak.getWhiteboard();
- whiteboard.register(SyncManager.class, new
SyncManagerImpl(whiteboard), Collections.emptyMap());
- whiteboard.register(ExternalIdentityProviderManager.class, new
ExternalIDPManagerImpl(whiteboard), Collections.emptyMap());
+ syncManager = new SyncManagerImpl(whiteboard);
+ whiteboard.register(SyncManager.class, syncManager,
Collections.emptyMap());
+ idpManager = new ExternalIDPManagerImpl(whiteboard);
+ whiteboard.register(ExternalIdentityProviderManager.class, idpManager,
Collections.emptyMap());
return oak;
}
@@ -133,6 +140,14 @@ public abstract class ExternalLoginModul
protected abstract void destroyIDP(ExternalIdentityProvider idp);
+ protected SynchronizationMBean createMBean() {
+ // todo: how to retrieve JCR repository here? maybe we should base the
sync mbean on oak directly.
+ // JackrabbitRepository repository = null;
+ // return new SyncMBeanImpl(repository, syncManager, "default",
idpManager, idp.getName());
+
+ throw new UnsupportedOperationException("creating the mbean is not
supported yet.");
+ }
+
protected void setSyncConfig(DefaultSyncConfig cfg) {
if (syncHandlerReg != null) {
syncHandlerReg.unregister();
Modified:
jackrabbit/oak/branches/1.0/oak-auth-ldap/src/main/java/org/apache/jackrabbit/oak/security/authentication/ldap/impl/LdapIdentityProvider.java
URL:
http://svn.apache.org/viewvc/jackrabbit/oak/branches/1.0/oak-auth-ldap/src/main/java/org/apache/jackrabbit/oak/security/authentication/ldap/impl/LdapIdentityProvider.java?rev=1706478&r1=1706477&r2=1706478&view=diff
==============================================================================
---
jackrabbit/oak/branches/1.0/oak-auth-ldap/src/main/java/org/apache/jackrabbit/oak/security/authentication/ldap/impl/LdapIdentityProvider.java
(original)
+++
jackrabbit/oak/branches/1.0/oak-auth-ldap/src/main/java/org/apache/jackrabbit/oak/security/authentication/ldap/impl/LdapIdentityProvider.java
Fri Oct 2 19:23:50 2015
@@ -43,6 +43,7 @@ import org.apache.directory.api.ldap.mod
import org.apache.directory.api.ldap.model.exception.LdapException;
import
org.apache.directory.api.ldap.model.exception.LdapInvalidAttributeValueException;
import org.apache.directory.api.ldap.model.message.Response;
+import org.apache.directory.api.ldap.model.message.ResultCodeEnum;
import org.apache.directory.api.ldap.model.message.SearchRequest;
import org.apache.directory.api.ldap.model.message.SearchRequestImpl;
import org.apache.directory.api.ldap.model.message.SearchResultEntry;
@@ -456,9 +457,13 @@ public class LdapIdentityProvider implem
Entry entry = connection.lookup(ref.getId());
timer.mark("lookup");
Attribute attr = entry.get(config.getGroupMemberAttribute());
- for (Value value: attr) {
- ExternalIdentityRef memberRef = new
ExternalIdentityRef(value.getString(), this.getName());
- members.put(memberRef.getId(), memberRef);
+ if (attr == null) {
+ log.warn("LDAP group does not have configured attribute: {}",
config.getGroupMemberAttribute());
+ } else {
+ for (Value value: attr) {
+ ExternalIdentityRef memberRef = new
ExternalIdentityRef(value.getString(), this.getName());
+ members.put(memberRef.getId(), memberRef);
+ }
}
timer.mark("iterate");
if (log.isDebugEnabled()) {
