[ https://issues.apache.org/jira/browse/OAK-8229?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Davide Giannella closed OAK-8229.
---------------------------------

bulk close 1.14.0

> LoginModuleImpl.commit will end in NPE if credentials are null
> --------------------------------------------------------------
>
>                 Key: OAK-8229
>                 URL: https://issues.apache.org/jira/browse/OAK-8229
>             Project: Jackrabbit Oak
>          Issue Type: Bug
>          Components: core, security
>            Reporter: angela
>            Assignee: angela
>            Priority: Major
>             Fix For: 1.14.0
>
>
> [~stillalex], I spotted an NPE with {{LoginModuleImpl.commit}} under the following circumstances:
> - no {{Credentials}} have been extracted during the login() (see {{getCredentials}})
> - if the {{Subject}} is not read-only, commit() will add the null credentials objects to the public credentials set
> - the subsequent attempt to also add the {{AuthInfo}} will result in an NPE.
>
> The fix should be fairly easy, avoiding pushing null credentials to the subject:
> {code}
> if (!subject.isReadOnly()) {
>     Set<Principal> principals = subject.getPrincipals();
>     if (principal != null) {
>         principals.addAll(getPrincipals(principal));
>     } else if (userId != null) {
>         principals.addAll(getPrincipals(userId));
>     }
>     // FIX: extra check for null
>     if (credentials != null) {
>         subject.getPublicCredentials().add(credentials);
>     }
>     setAuthInfo(createAuthInfo(principals), subject);
> } else {
>     log.debug("Could not add information to read only subject {}", subject);
> }
> {code}

--
This message was sent by Atlassian JIRA
(v7.6.3#76005)