From b19d1f9d779eb20ee0f74b0f8e9339c057660baf Mon Sep 17 00:00:00 2001 From: Ben Alex Date: Fri, 21 Oct 2005 07:46:06 +0000 Subject: [PATCH] SEC-59: Fix NullPointerException caused by unnecessary check of application context path when a singleton is defined. --- .../adapters/jboss/JbossAcegiLoginModule.java | 66 +++++++++---------- 1 file changed, 32 insertions(+), 34 deletions(-) diff --git a/adapters/jboss/src/main/java/org/acegisecurity/adapters/jboss/JbossAcegiLoginModule.java b/adapters/jboss/src/main/java/org/acegisecurity/adapters/jboss/JbossAcegiLoginModule.java index cdaa7f36e3..d8144f31bc 100644 --- a/adapters/jboss/src/main/java/org/acegisecurity/adapters/jboss/JbossAcegiLoginModule.java +++ b/adapters/jboss/src/main/java/org/acegisecurity/adapters/jboss/JbossAcegiLoginModule.java @@ -12,7 +12,6 @@ * See the License for the specific language governing permissions and * limitations under the License. */ - package net.sf.acegisecurity.adapters.jboss; import net.sf.acegisecurity.AccountExpiredException; @@ -50,7 +49,7 @@ import javax.security.auth.login.LoginException; /** * Adapter to enable JBoss to authenticate via the Acegi Security System for * Spring. - * + * *

* Returns a {@link PrincipalAcegiUserToken} to JBoss' authentication system, * which is subsequently available from @@ -62,15 +61,11 @@ import javax.security.auth.login.LoginException; * @version $Id$ */ public class JbossAcegiLoginModule extends AbstractServerLoginModule { - //~ Instance fields ======================================================== - private AuthenticationManager authenticationManager; private Principal identity; private String key; private char[] credential; - //~ Methods ================================================================ - public void initialize(Subject subject, CallbackHandler callbackHandler, Map sharedState, Map options) { super.initialize(subject, callbackHandler, sharedState, options); 
@@ -89,21 +84,24 @@ public class JbossAcegiLoginModule extends AbstractServerLoginModule { String appContextLocation = (String) options.get("appContextLocation"); - if ((((singletonId == null) || "".equals(singletonId)) - && (appContextLocation == null)) || "".equals(appContextLocation)) { + if ((((singletonId == null) || "".equals(singletonId)) && + (appContextLocation == null)) || "".equals(appContextLocation)) { throw new IllegalArgumentException( "appContextLocation must be defined"); } String beanName = (String) options.get("authenticationManager"); - if (Thread.currentThread().getContextClassLoader().getResource(appContextLocation) == null) { - if (super.log.isInfoEnabled()) { - super.log.info("cannot locate " + appContextLocation); - } + // Attempt to find the appContextLocation only if no singletonId was defined + if ((singletonId == null) || "".equals(singletonId)) { + if (Thread.currentThread().getContextClassLoader().getResource(appContextLocation) == null) { + if (super.log.isInfoEnabled()) { + super.log.info("cannot locate " + appContextLocation); + } - throw new IllegalArgumentException("Cannot locate " - + appContextLocation); + throw new IllegalArgumentException("Cannot locate " + + appContextLocation); + } } ClassPathXmlApplicationContext ctx = null; @@ -113,13 +111,13 @@ public class JbossAcegiLoginModule extends AbstractServerLoginModule { ctx = new ClassPathXmlApplicationContext(appContextLocation); } catch (Exception e) { if (super.log.isInfoEnabled()) { - super.log.info("error loading spring context " - + appContextLocation + " " + e); + super.log.info("error loading spring context " + + appContextLocation + " " + e); } throw new IllegalArgumentException( - "error loading spring context " + appContextLocation + " " - + e); + "error loading spring context " + appContextLocation + " " + + e); } } else { if (super.log.isInfoEnabled()) { 
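Review bot: The guard at the top of the `@@ -89,21 +84,24 @@` hunk still rejects a configuration that sets `singletonId` together with an empty `appContextLocation`, because the trailing `|| "".equals(appContextLocation)` sits outside the singleton test. In that case "appContextLocation must be defined" is thrown even though the singleton path needs no location, which is inconsistent with the resource check this commit now skips when a singleton is configured. Grouping both location tests under the no-singleton condition would fix it: `boolean noSingleton = (singletonId == null) || "".equals(singletonId);` followed by `if (noSingleton && ((appContextLocation == null) || "".equals(appContextLocation))) {`, and the added `if` around `getResource(...)` can reuse `noSingleton` instead of repeating the test. The enclosing `initialize` method begins and continues outside this hunk, so whether the later context-loading branch applies the same test is not visible here.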
@@ -132,11 +130,12 @@ public class JbossAcegiLoginModule extends AbstractServerLoginModule { if (ctx == null) { if (super.log.isInfoEnabled()) { - super.log.info("singleton " + beanName + " does not exists"); + super.log.info("singleton " + beanName + + " does not exists"); } - throw new IllegalArgumentException("singleton " + singletonId - + " does not exists"); + throw new IllegalArgumentException("singleton " + singletonId + + " does not exists"); } } @@ -179,8 +178,8 @@ public class JbossAcegiLoginModule extends AbstractServerLoginModule { if ((username == null) && (password == null)) { identity = null; - super.log.trace("Authenticating as unauthenticatedIdentity=" - + identity); + super.log.trace("Authenticating as unauthenticatedIdentity=" + + identity); } if (username == null) { @@ -239,8 +238,7 @@ public class JbossAcegiLoginModule extends AbstractServerLoginModule { super.log.debug("user is logged. redirecting to jaas classes"); identity = new PrincipalAcegiUserToken(this.key, - response.getName(), - response.getCredentials().toString(), + response.getName(), response.getCredentials().toString(), response.getAuthorities()); } @@ -251,8 +249,8 @@ public class JbossAcegiLoginModule extends AbstractServerLoginModule { } super.loginOk = true; - super.log.trace("User '" + identity + "' authenticated, loginOk=" - + loginOk); + super.log.trace("User '" + identity + "' authenticated, loginOk=" + + loginOk); return true; } @@ -263,7 +261,7 @@ public class JbossAcegiLoginModule extends AbstractServerLoginModule { protected Group[] getRoleSets() throws LoginException { SimpleGroup roles = new SimpleGroup("Roles"); - Group[] roleSets = {roles}; + Group[] roleSets = { roles }; if (this.identity instanceof Authentication) { Authentication user = (Authentication) this.identity; 
@@ -278,17 +276,17 @@ public class JbossAcegiLoginModule extends AbstractServerLoginModule { } protected String[] getUsernameAndPassword() throws LoginException { - String[] info = {null, null}; + String[] info = { null, null }; // prompt for a username and password if (callbackHandler == null) { - throw new LoginException("Error: no CallbackHandler available " - + "to collect authentication information"); + throw new LoginException("Error: no CallbackHandler available " + + "to collect authentication information"); } NameCallback nc = new NameCallback("User name: ", "guest"); PasswordCallback pc = new PasswordCallback("Password: ", false); - Callback[] callbacks = {nc, pc}; + Callback[] callbacks = { nc, pc }; String username = null; String password = null; @@ -308,8 +306,8 @@ public class JbossAcegiLoginModule extends AbstractServerLoginModule { } catch (java.io.IOException ioe) { throw new LoginException(ioe.toString()); } catch (UnsupportedCallbackException uce) { - throw new LoginException("CallbackHandler does not support: " - + uce.getCallback()); + throw new LoginException("CallbackHandler does not support: " + + uce.getCallback()); } info[0] = username;