[jira] [Commented] (OAK-11627) NullPointerException in AutoMemberhipPrincipals

[Alejandro Moratinos (Jira)]

    [ 
https://issues.apache.org/jira/browse/OAK-11627?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17940300#comment-17940300
 ] 

Alejandro Moratinos commented on OAK-11627:
-------------------------------------------

Created a PR to check for existing key preventing the null pointer exception 
that could occur in the case described

> NullPointerException in AutoMemberhipPrincipals
> -----------------------------------------------
>
>                 Key: OAK-11627
>                 URL: https://issues.apache.org/jira/browse/OAK-11627
>             Project: Jackrabbit Oak
>          Issue Type: Bug
>          Components: auth-external
>    Affects Versions: 1.76.0
>            Reporter: Alejandro Moratinos
>            Assignee: Alejandro Moratinos
>            Priority: Major
>
> When there are 2 identity providers configured, one with dynamicMembership 
> enabled and another one with dynamicMembership disabled a null pointer 
> exception could happen while checking if an authorizable is member of a group
> This happens because CompositeProvider in DynamicMembershipTracker uses each 
> provider to checks if [it the user belongs to a 
> group|https://github.com/apache/jackrabbit-oak/blob/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/DynamicMembershipTracker.java#L108-L115]
>  Then when AutomembershipPrincipals is called for a provider not using 
> dynamicMembership throws a NullPointerException on 
> [isInheritedMember|https://github.com/apache/jackrabbit-oak/blob/jackrabbit-oak-1.76.0/oak-auth-external/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/external/impl/principal/AutoMembershipPrincipals.java]
>  
>  
> {code:java}
> // Trace reproduced using a local instance
> Caused by: java.lang.NullPointerException: null    at 
> java.base/java.util.Objects.requireNonNull(Objects.java:222)    at 
> java.base/java.util.Arrays$ArrayList.<init>(Arrays.java:4323)    at 
> java.base/java.util.Arrays.asList(Arrays.java:4310)    at 
> org.apache.jackrabbit.oak.spi.security.authentication.external.impl.principal.AutoMembershipPrincipals.isInheritedMember(AutoMembershipPrincipals.java:137)
>  [org.apache.jackrabbit.oak-auth-external:1.75.0.SNAPSHOT]    at 
> org.apache.jackrabbit.oak.spi.security.authentication.external.impl.principal.AutoMembershipProvider.isMember(AutoMembershipProvider.java:130)
>  [org.apache.jackrabbit.oak-auth-external:1.75.0.SNAPSHOT]    at 
> org.apache.jackrabbit.oak.spi.security.authentication.external.impl.principal.AutoMembershipProvider.isMember(AutoMembershipProvider.java:124)
>  [org.apache.jackrabbit.oak-auth-external:1.75.0.SNAPSHOT]    at 
> org.apache.jackrabbit.oak.security.user.DynamicMembershipTracker$CompositeProvider.isMember(DynamicMembershipTracker.java:110)
>  [org.apache.jackrabbit.oak-core:1.75.0.SNAPSHOT] {code}
>  
>  



--
This message was sent by Atlassian Jira
(v8.20.10#820010)