SEC-346: Fix. Added suggested change. Also some minor tidying up of comments etc.

2025-03-03 20:09:18 +00:00 · 2007-08-30 20:55:49 +00:00 · 2007-08-30 20:55:49 +00:00 · 301626fd6e
commit 301626fd6e
parent 8cb836c6cf
2 changed files with 13 additions and 6 deletions
--- a/core/src/main/java/org/acegisecurity/providers/x509/populator/DaoX509AuthoritiesPopulator.java
+++ b/core/src/main/java/org/acegisecurity/providers/x509/populator/DaoX509AuthoritiesPopulator.java
@ -18,6 +18,7 @@ package org.acegisecurity.providers.x509.populator;
 import org.acegisecurity.AcegiMessageSource;
 import org.acegisecurity.AuthenticationException;
 import org.acegisecurity.BadCredentialsException;
+import org.acegisecurity.AuthenticationServiceException;

 import org.acegisecurity.providers.x509.X509AuthoritiesPopulator;

@ -79,8 +80,7 @@ public class DaoX509AuthoritiesPopulator implements X509AuthoritiesPopulator, In
        }
    }

-    public UserDetails getUserDetails(X509Certificate clientCert)
-        throws AuthenticationException {
+    public UserDetails getUserDetails(X509Certificate clientCert) throws AuthenticationException {
        String subjectDN = clientCert.getSubjectDN().getName();
        PatternMatcher matcher = new Perl5Matcher();

@ -97,7 +97,14 @@ public class DaoX509AuthoritiesPopulator implements X509AuthoritiesPopulator, In

        String userName = match.group(1);

-        return this.userDetailsService.loadUserByUsername(userName);
+        UserDetails user = this.userDetailsService.loadUserByUsername(userName);
+
+        if (user == null) {
+            throw new AuthenticationServiceException(
+                "UserDetailsService returned null, which is an interface contract violation");
+        }
+
+        return user;
    }

    public void setMessageSource(MessageSource messageSource) {
@ -106,7 +113,8 @@ public class DaoX509AuthoritiesPopulator implements X509AuthoritiesPopulator, In

    /**
     * Sets the regular expression which will by used to extract the user name from the certificate's Subject
-     * DN.<p>It should contain a single group; for example the default expression "CN=(.?)," matches the common
+     * DN.
+     * <p>It should contain a single group; for example the default expression "CN=(.?)," matches the common
     * name field. So "CN=Jimi Hendrix, OU=..." will give a user name of "Jimi Hendrix".</p>
     * <p>The matches are case insensitive. So "emailAddress=(.?)," will match "EMAILADDRESS=jimi@hendrix.org,
     * CN=..." giving a user name "jimi@hendrix.org"</p>
--- a/core/src/test/java/org/acegisecurity/providers/x509/populator/DaoX509AuthoritiesPopulatorTests.java
+++ b/core/src/test/java/org/acegisecurity/providers/x509/populator/DaoX509AuthoritiesPopulatorTests.java
@ -43,7 +43,6 @@ public class DaoX509AuthoritiesPopulatorTests extends TestCase {
    //~ Constructors ===================================================================================================

    public DaoX509AuthoritiesPopulatorTests() {
-        super();
    }

    public DaoX509AuthoritiesPopulatorTests(String arg0) {