From 758bd279f8ab55b11233ea73e63ae9be23d28200 Mon Sep 17 00:00:00 2001
From: Colm O hEigeartaigh <coheigea@apache.org>
Date: Wed, 19 Feb 2020 07:12:45 +0000
Subject: [PATCH] AMQ-7412 - Fix NPE in SimpleAuthenticationPlugin

---
 .../security/SimpleAuthenticationPlugin.java  | 10 ++-
 .../SimpleAuthenticationPluginTest.java       | 86 +++++++++++++++++++
 2 files changed, 92 insertions(+), 4 deletions(-)
 create mode 100644 activemq-broker/src/test/java/org/apache/activemq/security/SimpleAuthenticationPluginTest.java

diff --git a/activemq-broker/src/main/java/org/apache/activemq/security/SimpleAuthenticationPlugin.java b/activemq-broker/src/main/java/org/apache/activemq/security/SimpleAuthenticationPlugin.java
index fb0d2e8731..f81fc60c14 100644
--- a/activemq-broker/src/main/java/org/apache/activemq/security/SimpleAuthenticationPlugin.java
+++ b/activemq-broker/src/main/java/org/apache/activemq/security/SimpleAuthenticationPlugin.java
@@ -79,10 +79,12 @@ public class SimpleAuthenticationPlugin implements BrokerPlugin {
             AuthenticationUser user = (AuthenticationUser)it.next();
             userPasswords.put(user.getUsername(), user.getPassword());
             Set<Principal> groups = new HashSet<Principal>();
-            StringTokenizer iter = new StringTokenizer(user.getGroups(), ",");
-            while (iter.hasMoreTokens()) {
-                String name = iter.nextToken().trim();
-                groups.add(new GroupPrincipal(name));
+            if (user.getGroups() != null) {
+                StringTokenizer iter = new StringTokenizer(user.getGroups(), ",");
+                while (iter.hasMoreTokens()) {
+                    String name = iter.nextToken().trim();
+                    groups.add(new GroupPrincipal(name));
+                }
             }
             userGroups.put(user.getUsername(), groups);
         }
diff --git a/activemq-broker/src/test/java/org/apache/activemq/security/SimpleAuthenticationPluginTest.java b/activemq-broker/src/test/java/org/apache/activemq/security/SimpleAuthenticationPluginTest.java
new file mode 100644
index 0000000000..7b1a82db73
--- /dev/null
+++ b/activemq-broker/src/test/java/org/apache/activemq/security/SimpleAuthenticationPluginTest.java
@@ -0,0 +1,86 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.activemq.security;
+
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertFalse;
+import static org.junit.Assert.assertNotNull;
+import static org.junit.Assert.assertTrue;
+
+import java.security.Principal;
+import java.util.Arrays;
+import java.util.Map;
+import java.util.Set;
+
+import org.junit.Test;
+
+public class SimpleAuthenticationPluginTest {
+    
+    @Test
+    public void testSetUsers() {
+        AuthenticationUser alice = new AuthenticationUser("alice", "password", "group1");
+        AuthenticationUser bob = new AuthenticationUser("bob", "security", "group2");
+        SimpleAuthenticationPlugin authenticationPlugin = new SimpleAuthenticationPlugin();
+        authenticationPlugin.setUsers(Arrays.asList(alice, bob));
+        
+        assertFalse(authenticationPlugin.isAnonymousAccessAllowed());
+        
+        Map<String, String> userPasswords = authenticationPlugin.getUserPasswords();
+        assertEquals(2, userPasswords.size());
+        assertEquals("password", userPasswords.get("alice"));
+        assertEquals("security", userPasswords.get("bob"));
+        
+        Map<String, Set<Principal>> userGroups = authenticationPlugin.getUserGroups();
+        assertEquals(2, userGroups.size());
+        
+        Set<Principal> aliceGroups = userGroups.get("alice");
+        assertNotNull(aliceGroups);
+        assertEquals(1, aliceGroups.size());
+        assertEquals("group1", aliceGroups.iterator().next().getName());
+        
+        Set<Principal> bobGroups = userGroups.get("bob");
+        assertNotNull(bobGroups);
+        assertEquals(1, bobGroups.size());
+        assertEquals("group2", bobGroups.iterator().next().getName());
+    }
+    
+    @Test
+    public void testSetUsersNoGroups() {
+        AuthenticationUser alice = new AuthenticationUser("alice", "password", null);
+        AuthenticationUser bob = new AuthenticationUser("bob", "security", null);
+        SimpleAuthenticationPlugin authenticationPlugin = new SimpleAuthenticationPlugin();
+        authenticationPlugin.setUsers(Arrays.asList(alice, bob));
+        
+        assertFalse(authenticationPlugin.isAnonymousAccessAllowed());
+        
+        Map<String, String> userPasswords = authenticationPlugin.getUserPasswords();
+        assertEquals(2, userPasswords.size());
+        assertEquals("password", userPasswords.get("alice"));
+        assertEquals("security", userPasswords.get("bob"));
+        
+        Map<String, Set<Principal>> userGroups = authenticationPlugin.getUserGroups();
+        assertEquals(2, userGroups.size());
+        
+        Set<Principal> aliceGroups = userGroups.get("alice");
+        assertNotNull(aliceGroups);
+        assertTrue(aliceGroups.isEmpty());
+        
+        Set<Principal> bobGroups = userGroups.get("bob");
+        assertNotNull(bobGroups);
+        assertTrue(bobGroups.isEmpty());
+    }
+}