(syncope) branch 3_0_X updated: SYNCOPE-1867: Prevent NPE when fetching realm entitlements (#1016)

Tue, 11 Mar 2025 13:45:31 -0700 

This is an automated email from the ASF dual-hosted git repository.

mmoayyed pushed a commit to branch 3_0_X
in repository https://gitbox.apache.org/repos/asf/syncope.git


The following commit(s) were added to refs/heads/3_0_X by this push:
     new dc160f4044 SYNCOPE-1867: Prevent NPE when fetching realm entitlements 
(#1016)
dc160f4044 is described below

commit dc160f4044d68076c7703ca21a8bb45be99b269d
Author: Misagh Moayyed <[email protected]>
AuthorDate: Thu Mar 6 18:10:47 2025 +0400

    SYNCOPE-1867: Prevent NPE when fetching realm entitlements (#1016)
    
    # Conflicts:
    #       
core/idrepo/logic/src/main/java/org/apache/syncope/core/logic/RealmLogic.java
    #       
core/idrepo/logic/src/main/java/org/apache/syncope/core/logic/TaskLogic.java
---
 .../logic/src/main/java/org/apache/syncope/core/logic/RealmLogic.java | 2 +-
 .../logic/src/main/java/org/apache/syncope/core/logic/TaskLogic.java  | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git 
a/core/idrepo/logic/src/main/java/org/apache/syncope/core/logic/RealmLogic.java 
b/core/idrepo/logic/src/main/java/org/apache/syncope/core/logic/RealmLogic.java
index 254f217444..70bf5f81a3 100644
--- 
a/core/idrepo/logic/src/main/java/org/apache/syncope/core/logic/RealmLogic.java
+++ 
b/core/idrepo/logic/src/main/java/org/apache/syncope/core/logic/RealmLogic.java
@@ -129,7 +129,7 @@ public class RealmLogic extends 
AbstractTransactionalLogic<RealmTO> {
                 count,
                 result.stream().map(realm -> binder.getRealmTO(
                 realm,
-                
AuthContextUtils.getAuthorizations().get(IdRepoEntitlement.REALM_SEARCH).stream().
+                
AuthContextUtils.getAuthorizations().getOrDefault(IdRepoEntitlement.REALM_SEARCH,
 Set.of()).stream().
                         anyMatch(auth -> 
realm.getFullPath().startsWith(auth)))).
                         sorted(Comparator.comparing(RealmTO::getFullPath)).
                         collect(Collectors.toList()));
diff --git 
a/core/idrepo/logic/src/main/java/org/apache/syncope/core/logic/TaskLogic.java 
b/core/idrepo/logic/src/main/java/org/apache/syncope/core/logic/TaskLogic.java
index 4b28b4574d..f232357c2a 100644
--- 
a/core/idrepo/logic/src/main/java/org/apache/syncope/core/logic/TaskLogic.java
+++ 
b/core/idrepo/logic/src/main/java/org/apache/syncope/core/logic/TaskLogic.java
@@ -131,8 +131,8 @@ public class TaskLogic extends 
AbstractExecutableLogic<TaskTO> {
     }
 
     protected void securityChecks(final String entitlement, final String 
realm) {
-        Set<String> authRealms = 
AuthContextUtils.getAuthorizations().get(entitlement);
-        if (authRealms.stream().noneMatch(r -> realm.startsWith(r))) {
+        Set<String> authRealms = 
AuthContextUtils.getAuthorizations().getOrDefault(entitlement, Set.of());
+        if (authRealms.isEmpty() || 
authRealms.stream().noneMatch(realm::startsWith)) {
             throw new DelegatedAdministrationException(realm, 
MacroTask.class.getSimpleName(), null);
         }
     }

Reply via email to