This is an automated email from the ASF dual-hosted git repository.

ilgrosso pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/syncope.git


The following commit(s) were added to refs/heads/master by this push:
     new c5265d4a25 SYNCOPE-1867: Prevent NPE when fetching realm entitlements 
(#1016)
c5265d4a25 is described below

commit c5265d4a258451afda756c8a20730947e4a6f28d
Author: Misagh Moayyed <[email protected]>
AuthorDate: Thu Mar 6 18:10:47 2025 +0400

    SYNCOPE-1867: Prevent NPE when fetching realm entitlements (#1016)
---
 .../src/main/java/org/apache/syncope/core/logic/RealmLogic.java      | 5 +++--
 .../logic/src/main/java/org/apache/syncope/core/logic/TaskLogic.java | 4 ++--
 2 files changed, 5 insertions(+), 4 deletions(-)

diff --git 
a/core/idrepo/logic/src/main/java/org/apache/syncope/core/logic/RealmLogic.java 
b/core/idrepo/logic/src/main/java/org/apache/syncope/core/logic/RealmLogic.java
index f075239bcd..68bcedbf1f 100644
--- 
a/core/idrepo/logic/src/main/java/org/apache/syncope/core/logic/RealmLogic.java
+++ 
b/core/idrepo/logic/src/main/java/org/apache/syncope/core/logic/RealmLogic.java
@@ -129,10 +129,11 @@ public class RealmLogic extends 
AbstractTransactionalLogic<RealmTO> {
 
         long count = realmSearchDAO.countDescendants(baseRealm.getFullPath(), 
keyword);
 
+        Set<String> authorizations = AuthContextUtils.getAuthorizations().
+            getOrDefault(IdRepoEntitlement.REALM_SEARCH, Set.of());
         List<RealmTO> result = 
realmSearchDAO.findDescendants(baseRealm.getFullPath(), keyword, 
pageable).stream().
                 map(realm -> binder.getRealmTO(
-                realm,
-                
AuthContextUtils.getAuthorizations().get(IdRepoEntitlement.REALM_SEARCH).stream().
+                realm, authorizations.stream().
                         anyMatch(auth -> 
realm.getFullPath().startsWith(auth)))).
                 sorted(Comparator.comparing(RealmTO::getFullPath)).
                 toList();
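Review bot: The boolean passed to `binder.getRealmTO` is still decided by a plain string-prefix test, `realm.getFullPath().startsWith(auth)`, which has no path-segment boundary. If two realms can have full paths where one is a string prefix of the other without being its ancestor (constructed example: `/sales` and `/sales-emea`), a grant on the first would also match the second; whether realm paths are normalized elsewhere to rule this out is not visible here. A boundary-aware comparison would close the gap, for example `path.equals(auth) || path.startsWith(auth.endsWith("/") ? auth : auth + "/")`. The same pattern appears as `realm::startsWith` in `TaskLogic.securityChecks` in this commit. The enclosing method starts and ends outside this hunk.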
diff --git 
a/core/idrepo/logic/src/main/java/org/apache/syncope/core/logic/TaskLogic.java 
b/core/idrepo/logic/src/main/java/org/apache/syncope/core/logic/TaskLogic.java
index 478b8ef669..dbfba31b4f 100644
--- 
a/core/idrepo/logic/src/main/java/org/apache/syncope/core/logic/TaskLogic.java
+++ 
b/core/idrepo/logic/src/main/java/org/apache/syncope/core/logic/TaskLogic.java
@@ -128,8 +128,8 @@ public class TaskLogic extends 
AbstractExecutableLogic<TaskTO> {
     }
 
     protected void securityChecks(final String entitlement, final String 
realm) {
-        Set<String> authRealms = 
AuthContextUtils.getAuthorizations().get(entitlement);
-        if (authRealms.stream().noneMatch(realm::startsWith)) {
+        Set<String> authRealms = 
AuthContextUtils.getAuthorizations().getOrDefault(entitlement, Set.of());
+        if (authRealms.isEmpty() || 
authRealms.stream().noneMatch(realm::startsWith)) {
             throw new DelegatedAdministrationException(realm, 
MacroTask.class.getSimpleName(), null);
         }
     }
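Review bot: The added `authRealms.isEmpty() ||` is redundant, because `noneMatch` on an empty stream already returns true, so the condition can stay `if (authRealms.stream().noneMatch(realm::startsWith)) {`. The deny-on-missing-entitlement behaviour that `getOrDefault(entitlement, Set.of())` now provides deserves a one-line comment so it is not later "simplified" back to `get`, e.g. `// no realms granted for this entitlement -> deny (fail closed)`. Separately, the exception always reports `MacroTask.class.getSimpleName()` although the method accepts an arbitrary `entitlement`; whether every caller is macro-task related cannot be told from this hunk.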
