[
https://issues.apache.org/jira/browse/PLUTO-514?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Brian DeHamer updated PLUTO-514:
--------------------------------
Attachment: patch-514.txt
The attached patch to the PortletRequestImpl class updates the isUserInRole()
method to ensure that the List returned by PortletDD.getSecurityRoleRefs() is
non-null before invoking its iterator() method.
> Invoking PortletRequest.isUserInRole() results in NPE if no
> <security-role-ref> elements defined
> ------------------------------------------------------------------------------------------------
>
> Key: PLUTO-514
> URL: https://issues.apache.org/jira/browse/PLUTO-514
> Project: Pluto
> Issue Type: Bug
> Components: portlet container
> Affects Versions: 2.0.0
> Environment: JDK 1.5.0_16, Tomcat 5.5.27
> Reporter: Brian DeHamer
> Fix For: 2.0.0
>
> Attachments: patch-514.txt
>
>
> If you have not declared any security roles for a portlet in the deployment
> descriptor (portlet.xml) and then invoke the isUserInRole() method of either
> the RenderRequest or ActionRequest objects, a NullPointerException is thrown:
> java.lang.NullPointerException
>     at org.apache.pluto.internal.impl.PortletRequestImpl.isUserInRole(PortletRequestImpl.java:400)
> In the isUserInRole() method of the PortletRequestImpl class the
> getSecurityRoleRefs() method of the PortletDD is invoked and then an iterator
> is requested for the returned List -- however, the return value of
> getSecurityRoleRefs() is not checked for a null value before invoking the
> iterator() method.
> As a workaround you can make sure that you always declare at least one
> <security-role-ref> element in your portlet.xml file -- this will ensure that
> the list returned by getSecurityRoleRefs() is not null.
--
This message is automatically generated by JIRA.
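The null guard described in the report, as an added example that is not Pluto's code or the attached patch: an authorization check should return a decision even when the descriptor declares no role references. `RoleRef`, `resolveRole` and the fall-back to the role name as given are assumptions made for illustration; the code needs Java 16 or later.

```java
import java.util.Collections;
import java.util.List;
import java.util.Set;

public class RoleRefCheck {
    /** Hypothetical stand-in for one <security-role-ref> entry in portlet.xml. */
    record RoleRef(String roleName, String roleLink) {}

    /** Maps the role name used by the portlet to the container role to test. */
    static String resolveRole(List<RoleRef> refs, String roleName) {
        // Guard: a descriptor without <security-role-ref> elements may yield null
        // instead of an empty list, so never call iterator() on it directly.
        List<RoleRef> safe = (refs == null) ? Collections.emptyList() : refs;
        for (RoleRef ref : safe) {
            if (ref.roleName().equals(roleName) && ref.roleLink() != null) {
                return ref.roleLink();
            }
        }
        // Assumption: with no matching reference, test the name as given.
        return roleName;
    }

    /** Always returns a decision; a null role name is denied, not dereferenced. */
    static boolean isUserInRole(List<RoleRef> refs, Set<String> userRoles, String roleName) {
        if (roleName == null) {
            return false;
        }
        return userRoles.contains(resolveRole(refs, roleName));
    }

    public static void main(String[] args) {
        // Constructed sample data: roles granted to the user by the container.
        Set<String> userRoles = Set.of("tomcat-admin");
        List<RoleRef> declared = List.of(new RoleRef("admin", "tomcat-admin"));

        // Reference declared: "admin" is mapped through its role link.
        System.out.println(isUserInRole(declared, userRoles, "admin"));
        // No references declared (null list): the case that raised the NPE.
        System.out.println(isUserInRole(null, userRoles, "admin"));
        // No references declared, name matches a container role directly.
        System.out.println(isUserInRole(null, userRoles, "tomcat-admin"));
        // Empty list behaves the same as a null list.
        System.out.println(isUserInRole(Collections.emptyList(), userRoles, "admin"));
    }
}
```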