Invoking PortletRequest.isUserInRole() results in NPE if no <security-role-ref> 
elements defined
------------------------------------------------------------------------------------------------

                 Key: PLUTO-514
                 URL: https://issues.apache.org/jira/browse/PLUTO-514
             Project: Pluto
          Issue Type: Bug
          Components: portlet container
    Affects Versions: 2.0.0
         Environment: JDK 1.5.0_16, Tomcat 5.5.27 
            Reporter: Brian DeHamer
             Fix For: 2.0.0


If you have not declared any security roles for a portlet in the deployment 
descriptor (portlet.xml) and then invoke the isUserInRole() method of either 
the RenderRequest or ActionRequest objects, a NullPointerException is thrown:

java.lang.NullPointerException
        at org.apache.pluto.internal.impl.PortletRequestImpl.isUserInRole(PortletRequestImpl.java:400)

In the isUserInRole() method of the PortletRequestImpl class the 
getSecurityRoleRefs() method of the PortletDD is invoked and then an iterator 
is requested for the returned List -- however, the return value of 
getSecurityRoleRefs() is not checked for a null value before invoking the 
iterator() method.

As a workaround you can make sure that you always declare at least one 
<security-role-ref> element in your portlet.xml file -- this will ensure that 
the list returned by getSecurityRoleRefs() is not null.

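The failure described in the report, next to a null-guarded form, as an added example that is not Pluto's code or the project's fix. RoleRef, Descriptor, linkOrName and the userHasRole predicate are hypothetical stand-ins; only the getSecurityRoleRefs() name comes from the report. Denying when nothing is declared or nothing matches is an assumption of this sketch, and the code needs Java 16 or later.

```java
import java.util.List;
import java.util.Set;
import java.util.function.Predicate;

public class RoleRefCheck {
    // Hypothetical stand-in for one <security-role-ref> entry (not Pluto's class).
    record RoleRef(String roleName, String roleLink) {}

    // Hypothetical stand-in for the descriptor; returns null when no refs are declared.
    static class Descriptor {
        private final List<RoleRef> refs;
        Descriptor(List<RoleRef> refs) { this.refs = refs; }
        List<RoleRef> getSecurityRoleRefs() { return refs; }
    }

    // Pattern described in the report: the list is iterated without a null check.
    static boolean unchecked(Descriptor dd, String role, Predicate<String> userHasRole) {
        for (RoleRef ref : dd.getSecurityRoleRefs()) { // NullPointerException if the list is null
            if (ref.roleName().equals(role)) return userHasRole.test(linkOrName(ref));
        }
        return false;
    }

    // Guarded form: the authorization check always yields a boolean, never an exception.
    static boolean guarded(Descriptor dd, String role, Predicate<String> userHasRole) {
        if (dd == null || role == null) return false;
        List<RoleRef> refs = dd.getSecurityRoleRefs();
        if (refs == null) return false; // assumption: no declared refs means deny
        for (RoleRef ref : refs) {
            if (ref != null && role.equals(ref.roleName())) return userHasRole.test(linkOrName(ref));
        }
        return false; // assumption: an unmapped role name is denied
    }

    // Use the linked role when one is given, otherwise the declared role name.
    static String linkOrName(RoleRef ref) {
        return ref.roleLink() != null ? ref.roleLink() : ref.roleName();
    }

    public static void main(String[] args) {
        Predicate<String> userHasRole = Set.of("manager")::contains; // constructed: user holds "manager"
        Descriptor noRefs = new Descriptor(null);                    // portlet.xml without role refs
        Descriptor mapped = new Descriptor(List.of(new RoleRef("admin", "manager")));
        System.out.println("mapped, guarded:  " + guarded(mapped, "admin", userHasRole));
        System.out.println("no refs, guarded: " + guarded(noRefs, "admin", userHasRole));
        try {
            unchecked(noRefs, "admin", userHasRole);
        } catch (NullPointerException e) {
            System.out.println("no refs, unchecked: NullPointerException");
        }
    }
}
```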