Hello,

I don't know if this is a bug or an intended impl. of AuthorizingRealm, but whenever I used permissions I always ended up with:

java.lang.NullPointerException
    at org.apache.shiro.realm.AuthorizingRealm.isPermitted(AuthorizingRealm.java:452)
    at org.apache.shiro.authz.ModularRealmAuthorizer.isPermitted(ModularRealmAuthorizer.java:222)
    at org.apache.shiro.authz.ModularRealmAuthorizer.checkPermission(ModularRealmAuthorizer.java:320)
....

while Roles work fine and as expected. My SSAuthorizingRealm.doGetAuthorizationMethod is based upon JDBCRealm:

    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
        //null usernames are invalid
        if (principals == null) {
            throw new AuthorizationException("PrincipalCollection method argument cannot be null.");
        }

        String username = (String) getAvailablePrincipal(principals);

        Set<String> roleNames = new LinkedHashSet<String>();
        Set<String> permissions = new LinkedHashSet<String>();
        SystemUser user = getBean().getSystemUser(username);

        if (user == null) {
            SecurityUtils.getSubject().logout();
            throw new AuthorizationException("Unknown Account!");
        }

        for (SystemUserRoles r : bean.getRolesForUser(user.getId())) {
            roleNames.add(r.getRole());
        }

        for (SystemUserPermissons p : bean.getPermissionsForUser(user.getId())) {
            permissions.add(p.getPermission());
        }

        SimpleAuthorizationInfo info = new SimpleAuthorizationInfo(roleNames);
        info.setStringPermissions(permissions);
        return info;
    }

which looked fine.

Whenever a permission is checked, the above code works and returns 0 - many roles (based upon user), but the line

    Permission p = getPermissionResolver().resolvePermission(permission);

in AuthorizingRealm fails with an NPE.

After digging around I found out that there is no check in the JDBCRealm and, more importantly, in the Authorization if a permissionResolver is set. I made my Realm work by catching a

    if (getPermissionResolver() == null) {
        setPermissionResolver(new WildcardPermissionResolver());
    }

in the doGetAuthorizationInfo method, but maybe this should be addressed directly in the AuthorizationRealm?



Best,

Korbinian
