Cwikius-Spring/spring-security
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-security.git synced 2025-07-14 14:23:30 +00:00
Code Issues Packages Projects Releases Wiki Activity

SEC-936: NPE in AbstractFallbackMethodDefinitionSource

Browse Source 
http://jira.springframework.org/browse/SEC-936. Changed to check if the value of MethodInvocation.getThis() is null to prevent NPE. MapBasedMethodDefinitionSource now ignores calls to findAttributes() with a null target class (all its entries require a class) and the fallback option in AbstractFallbackMethodDefinitionSource is used if the targetClass is null (i.e. Method.getDeclaringClass() will be used as the Class)
This commit is contained in:
Luke Taylor 2008-08-16 02:31:36 +00:00
parent 6a68a2531c
commit 3bf5e406b7
2 changed files with 108 additions and 103 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
core/src/main/java/org/springframework/security/intercept/method/AbstractFallbackMethodDefinitionSource.java
View File

@ -47,7 +47,8 @@ public abstract class AbstractFallbackMethodDefinitionSource implements MethodDe
if (object instanceof MethodInvocation) { if (object instanceof MethodInvocation) {
MethodInvocation mi = (MethodInvocation) object; MethodInvocation mi = (MethodInvocation) object;
return getAttributes(mi.getMethod(), mi.getThis().getClass()); Object target = mi.getThis();
return getAttributes(mi.getMethod(), target == null ? null : target.getClass());
} }
if (object instanceof JoinPoint) { if (object instanceof JoinPoint) {
@ -125,7 +126,7 @@ public abstract class AbstractFallbackMethodDefinitionSource implements MethodDe
return attr; return attr;
} }
if (specificMethod != method) { if (specificMethod != method || targetClass == null) {
// Fallback is to look at the original method. // Fallback is to look at the original method.
attr = findAttributes(method, method.getDeclaringClass()); attr = findAttributes(method, method.getDeclaringClass());
if (attr != null) { if (attr != null) {

4
core/src/main/java/org/springframework/security/intercept/method/MapBasedMethodDefinitionSource.java
View File

@ -88,6 +88,10 @@ public class MapBasedMethodDefinitionSource extends AbstractFallbackMethodDefini
* Will walk the method inheritance tree to find the most specific declaration applicable. * Will walk the method inheritance tree to find the most specific declaration applicable.
*/ */
protected ConfigAttributeDefinition findAttributes(Method method, Class targetClass) { protected ConfigAttributeDefinition findAttributes(Method method, Class targetClass) {
if (targetClass == null) {
return null;
}
return findAttributesSpecifiedAgainst(method, targetClass); return findAttributesSpecifiedAgainst(method, targetClass);
} }