Skip to content

Commit

Permalink
[bugfix] guard against NPE in securitymanager
Browse files Browse the repository at this point in the history 
fixes eXist-db#4670
  • Loading branch information
@line-o
Nico Verwer authored and line-o committed Dec 12, 2023
1 parent 1029a51 commit 0adb4aa
Show file tree
Hide file tree
Showing 2 changed files with 15 additions and 10 deletions.
15 changes: 10 additions & 5 deletions exist-core/src/main/java/org/exist/xquery/functions/securitymanager/IdFunction.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -77,13 +77,18 @@ private org.exist.dom.memtree.DocumentImpl functionId() {

builder.startElement(new QName("id", SecurityManagerModule.NAMESPACE_URI, SecurityManagerModule.PREFIX), null);

builder.startElement(new QName("real", SecurityManagerModule.NAMESPACE_URI, SecurityManagerModule.PREFIX), null);
subjectToXml(builder, context.getRealUser());
builder.endElement();
final Subject realUser = context.getRealUser();
if (realUser != null) {
builder.startElement(new QName("real", SecurityManagerModule.NAMESPACE_URI, SecurityManagerModule.PREFIX), null);
subjectToXml(builder, realUser);
builder.endElement();
}

if (!sameUserWithSameGroups(context.getRealUser(), context.getEffectiveUser())) {
final Subject effectiveUser = context.getEffectiveUser();
if (effectiveUser != null && (
realUser == null || !sameUserWithSameGroups(realUser, effectiveUser))) {
builder.startElement(new QName("effective", SecurityManagerModule.NAMESPACE_URI, SecurityManagerModule.PREFIX), null);
subjectToXml(builder, context.getEffectiveUser());
subjectToXml(builder, effectiveUser);
builder.endElement();
}

Expand Down
10 changes: 5 additions & 5 deletions exist-core/src/test/java/org/exist/xquery/functions/securitymanager/IdFunctionTest.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -71,14 +71,14 @@ public void differingRealAndEffectiveUsers() throws XPathException, XpathExcepti
expect(mckContext.getDocumentBuilder()).andReturn(new MemTreeBuilder());
mckContext.popDocumentContext();
expectLastCall().once();
expect(mckContext.getRealUser()).andReturn(mckRealUser).times(2);
expect(mckContext.getRealUser()).andReturn(mckRealUser);
expect(mckRealUser.getName()).andReturn(realUsername);
expect(mckRealUser.getGroups()).andReturn(new String[]{"realGroup1", "realGroup2"});
expect(mckRealUser.getId()).andReturn(1);

final Subject mckEffectiveUser = EasyMock.createMock(Subject.class);
final String effectiveUsername = "effective";
expect(mckContext.getEffectiveUser()).andReturn(mckEffectiveUser).times(2);
expect(mckContext.getEffectiveUser()).andReturn(mckEffectiveUser);
expect(mckEffectiveUser.getId()).andReturn(2);
expect(mckEffectiveUser.getName()).andReturn(effectiveUsername);
expect(mckEffectiveUser.getGroups()).andReturn(new String[]{"effectiveGroup1", "effectiveGroup2"});
Expand Down Expand Up @@ -127,7 +127,7 @@ public void sameRealAndEffectiveUsers() throws XPathException, XpathException {
expect(mckContext.getDocumentBuilder()).andReturn(new MemTreeBuilder());
mckContext.popDocumentContext();
expectLastCall().once();
expect(mckContext.getRealUser()).andReturn(mckUser).times(2);
expect(mckContext.getRealUser()).andReturn(mckUser);
expect(mckUser.getName()).andReturn(username);
expect(mckUser.getGroups()).andReturn(new String[]{"group1", "group2"});
expect(mckUser.getId()).andReturn(1);
Expand Down Expand Up @@ -183,15 +183,15 @@ public void differingByGroupRealAndEffectiveUsers() throws XPathException, Xpath
expect(mckContext.getDocumentBuilder()).andReturn(new MemTreeBuilder());
mckContext.popDocumentContext();
expectLastCall().once();
expect(mckContext.getRealUser()).andReturn(mckRealUser).times(2);
expect(mckContext.getRealUser()).andReturn(mckRealUser);
expect(mckRealUser.getName()).andReturn(realUsername);
expect(mckRealUser.getGroups()).andReturn(new String[]{"realGroup1"});
expect(mckRealUser.getId()).andReturn(101);
expect(mckRealUser.getGroupIds()).andReturn(new int[] {101});

final Subject mckEffectiveUser = EasyMock.createMock(Subject.class);
final String effectiveUsername = "user1";
expect(mckContext.getEffectiveUser()).andReturn(mckEffectiveUser).times(2);
expect(mckContext.getEffectiveUser()).andReturn(mckEffectiveUser);
expect(mckEffectiveUser.getId()).andReturn(101);
expect(mckEffectiveUser.getName()).andReturn(effectiveUsername);
expect(mckEffectiveUser.getGroups()).andReturn(new String[]{"realGroup1", "effectiveGroup1"});
Expand Down

0 comments on commit 0adb4aa

Please sign in to comment.