Hi Les,

sorry it took so long; Shiro-237 is created.

Best

Korbinian

PS: it's really cool to be able to have multiple realms working together! :D


On 04.01.11 19:11, Les Hazlewood wrote:
Hi Korbinian,

Can you please create a Jira issue for this if you haven't already?

Thanks,

Les

On Thu, Dec 16, 2010 at 5:50 AM, Korbinian Bachl - privat
<[email protected]>  wrote:
Hello,

I don't know if this is a bug or an intended impl. of AuthorizingRealm, but
whenever I used permissions I always ended up:

java.lang.NullPointerException
     at org.apache.shiro.realm.AuthorizingRealm.isPermitted(AuthorizingRealm.java:452)
     at org.apache.shiro.authz.ModularRealmAuthorizer.isPermitted(ModularRealmAuthorizer.java:222)
     at org.apache.shiro.authz.ModularRealmAuthorizer.checkPermission(ModularRealmAuthorizer.java:320)
....

while Roles work fine and as expected. My
SSAuthorizingRealm.doGetAuthorizationMethod is based upon JDBCRealm

    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
        //null usernames are invalid
        if (principals == null) {
            throw new AuthorizationException("PrincipalCollection method argument cannot be null.");
        }

        String username = (String) getAvailablePrincipal(principals);

        Set<String> roleNames = new LinkedHashSet<String>();
        Set<String> permissions = new LinkedHashSet<String>();
        SystemUser user = getBean().getSystemUser(username);

        if (user == null) {
            SecurityUtils.getSubject().logout();
            throw new AuthorizationException("Unknown Account!");
        }

        for (SystemUserRoles r : bean.getRolesForUser(user.getId())) {
            roleNames.add(r.getRole());
        }

        for (SystemUserPermissons p : bean.getPermissionsForUser(user.getId())) {
            permissions.add(p.getPermission());
        }

        SimpleAuthorizationInfo info = new SimpleAuthorizationInfo(roleNames);
        info.setStringPermissions(permissions);
        return info;
    }

which looked fine.

Whenever a permission is checked, the above code works and returns 0 - many
roles (based upon user); But line
Permission p = getPermissionResolver().resolvePermission(permission);
in AuthorizingRealm fails with NPE;

After digging around I found out that there is no check in the JDBCRealm and
more important in the Authorization if a permissionResolver is set. I made
my Realm working by catching a

        if (getPermissionResolver() == null) {
            setPermissionResolver(new WildcardPermissionResolver());
        }

in the doGetAuthorizationInfo method but maybe this should be addressed
directly in the AuthorizationRealm?



Best,

Korbinian
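
The workaround described in the message above, applied once in the realm's constructor instead of on every authorization lookup, so the resolver is in place before any permission string is checked. This is an added example, not code from the thread or from the Shiro project; the class name ResolverSafeRealm, the principal "alice" and the in-memory role and permission are assumptions standing in for the database lookup.

```java
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.authz.permission.WildcardPermissionResolver;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.apache.shiro.subject.SimplePrincipalCollection;

// Hypothetical realm for illustration only.
public class ResolverSafeRealm extends AuthorizingRealm {

    public ResolverSafeRealm() {
        // Install the resolver before the realm is handed to the
        // SecurityManager, so isPermitted(...) never sees a null resolver.
        if (getPermissionResolver() == null) {
            setPermissionResolver(new WildcardPermissionResolver());
        }
    }

    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
        // Constructed sample data in place of the role/permission queries.
        SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();
        info.addRole("editor");
        info.addStringPermission("document:read,write");
        return info;
    }

    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) {
        return null; // authentication is out of scope for this example
    }

    public static void main(String[] args) {
        ResolverSafeRealm realm = new ResolverSafeRealm();
        PrincipalCollection who = new SimplePrincipalCollection("alice", realm.getName());

        // String permissions go through getPermissionResolver().resolvePermission(...),
        // the call that raised the NullPointerException in the stack trace above.
        System.out.println(realm.isPermitted(who, "document:read"));   // action listed in the grant
        System.out.println(realm.isPermitted(who, "document:delete")); // action not listed in the grant

        // Role checks never touch the resolver, which is why they worked before.
        System.out.println(realm.hasRole(who, "editor"));
    }
}
```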
