SEC-59: Fix NullPointerException caused by unnecessary check of application context path when a singleton is defined.

2005-10-21 07:46:06 +00:00 · 2005-10-21 07:46:06 +00:00 · b19d1f9d77
parent 55e552a846
commit b19d1f9d77
1 changed files with 32 additions and 34 deletions
--- a/adapters/jboss/src/main/java/org/acegisecurity/adapters/jboss/JbossAcegiLoginModule.java
+++ b/adapters/jboss/src/main/java/org/acegisecurity/adapters/jboss/JbossAcegiLoginModule.java
@ -12,7 +12,6 @@
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
-
 package net.sf.acegisecurity.adapters.jboss;

 import net.sf.acegisecurity.AccountExpiredException;
@ -50,7 +49,7 @@ import javax.security.auth.login.LoginException;
 /**
 * Adapter to enable JBoss to authenticate via the Acegi Security System for
 * Spring.
- * 
+ *
 * <p>
 * Returns a {@link PrincipalAcegiUserToken} to JBoss' authentication system,
 * which is subsequently available from
@ -62,15 +61,11 @@ import javax.security.auth.login.LoginException;
 * @version $Id$
 */
 public class JbossAcegiLoginModule extends AbstractServerLoginModule {
-    //~ Instance fields ========================================================
-
    private AuthenticationManager authenticationManager;
    private Principal identity;
    private String key;
    private char[] credential;

-    //~ Methods ================================================================
-
    public void initialize(Subject subject, CallbackHandler callbackHandler,
        Map sharedState, Map options) {
        super.initialize(subject, callbackHandler, sharedState, options);
@ -89,21 +84,24 @@ public class JbossAcegiLoginModule extends AbstractServerLoginModule {

        String appContextLocation = (String) options.get("appContextLocation");

-        if ((((singletonId == null) || "".equals(singletonId))
-            && (appContextLocation == null)) || "".equals(appContextLocation)) {
+        if ((((singletonId == null) || "".equals(singletonId)) &&
+                (appContextLocation == null)) || "".equals(appContextLocation)) {
            throw new IllegalArgumentException(
                "appContextLocation must be defined");
        }

        String beanName = (String) options.get("authenticationManager");

-        if (Thread.currentThread().getContextClassLoader().getResource(appContextLocation) == null) {
-            if (super.log.isInfoEnabled()) {
-                super.log.info("cannot locate " + appContextLocation);
-            }
+        // Attempt to find the appContextLocation only if no singletonId was defined
+        if ((singletonId == null) || "".equals(singletonId)) {
+            if (Thread.currentThread().getContextClassLoader().getResource(appContextLocation) == null) {
+                if (super.log.isInfoEnabled()) {
+                    super.log.info("cannot locate " + appContextLocation);
+                }

-            throw new IllegalArgumentException("Cannot locate "
-                + appContextLocation);
+                throw new IllegalArgumentException("Cannot locate " +
+                    appContextLocation);
+            }
        }

        ClassPathXmlApplicationContext ctx = null;
@ -113,13 +111,13 @@ public class JbossAcegiLoginModule extends AbstractServerLoginModule {
                ctx = new ClassPathXmlApplicationContext(appContextLocation);
            } catch (Exception e) {
                if (super.log.isInfoEnabled()) {
-                    super.log.info("error loading spring context "
-                        + appContextLocation + " " + e);
+                    super.log.info("error loading spring context " +
+                        appContextLocation + " " + e);
                }

                throw new IllegalArgumentException(
-                    "error loading spring context " + appContextLocation + " "
-                    + e);
+                    "error loading spring context " + appContextLocation + " " +
+                    e);
            }
        } else {
            if (super.log.isInfoEnabled()) {
@ -132,11 +130,12 @@ public class JbossAcegiLoginModule extends AbstractServerLoginModule {

            if (ctx == null) {
                if (super.log.isInfoEnabled()) {
-                    super.log.info("singleton " + beanName + " does not exists");
+                    super.log.info("singleton " + beanName +
+                        " does not exists");
                }

-                throw new IllegalArgumentException("singleton " + singletonId
-                    + " does not exists");
+                throw new IllegalArgumentException("singleton " + singletonId +
+                    " does not exists");
            }
        }

@ -179,8 +178,8 @@ public class JbossAcegiLoginModule extends AbstractServerLoginModule {

        if ((username == null) && (password == null)) {
            identity = null;
-            super.log.trace("Authenticating as unauthenticatedIdentity="
-                + identity);
+            super.log.trace("Authenticating as unauthenticatedIdentity=" +
+                identity);
        }

        if (username == null) {
@ -239,8 +238,7 @@ public class JbossAcegiLoginModule extends AbstractServerLoginModule {
            super.log.debug("user is logged. redirecting to jaas classes");

            identity = new PrincipalAcegiUserToken(this.key,
-                    response.getName(),
-                    response.getCredentials().toString(),
+                    response.getName(), response.getCredentials().toString(),
                    response.getAuthorities());
        }

@ -251,8 +249,8 @@ public class JbossAcegiLoginModule extends AbstractServerLoginModule {
        }

        super.loginOk = true;
-        super.log.trace("User '" + identity + "' authenticated, loginOk="
-            + loginOk);
+        super.log.trace("User '" + identity + "' authenticated, loginOk=" +
+            loginOk);

        return true;
    }
@ -263,7 +261,7 @@ public class JbossAcegiLoginModule extends AbstractServerLoginModule {

    protected Group[] getRoleSets() throws LoginException {
        SimpleGroup roles = new SimpleGroup("Roles");
-        Group[] roleSets = {roles};
+        Group[] roleSets = { roles };

        if (this.identity instanceof Authentication) {
            Authentication user = (Authentication) this.identity;
@ -278,17 +276,17 @@ public class JbossAcegiLoginModule extends AbstractServerLoginModule {
    }

    protected String[] getUsernameAndPassword() throws LoginException {
-        String[] info = {null, null};
+        String[] info = { null, null };

        // prompt for a username and password
        if (callbackHandler == null) {
-            throw new LoginException("Error: no CallbackHandler available "
-                + "to collect authentication information");
+            throw new LoginException("Error: no CallbackHandler available " +
+                "to collect authentication information");
        }

        NameCallback nc = new NameCallback("User name: ", "guest");
        PasswordCallback pc = new PasswordCallback("Password: ", false);
-        Callback[] callbacks = {nc, pc};
+        Callback[] callbacks = { nc, pc };
        String username = null;
        String password = null;

@ -308,8 +306,8 @@ public class JbossAcegiLoginModule extends AbstractServerLoginModule {
        } catch (java.io.IOException ioe) {
            throw new LoginException(ioe.toString());
        } catch (UnsupportedCallbackException uce) {
-            throw new LoginException("CallbackHandler does not support: "
-                + uce.getCallback());
+            throw new LoginException("CallbackHandler does not support: " +
+                uce.getCallback());
        }

        info[0] = username;