SEC-896: Changed result.toString() to String.valueOf(result) in tag class to prevent NPE when value of property is null

2025-02-23 23:31:27 +00:00 · 2008-06-30 21:02:23 +00:00 · 2008-06-30 21:02:23 +00:00 · c372c2df87
commit c372c2df87
parent dd5edbcce9
1 changed files with 9 additions and 9 deletions
--- a/taglibs/src/main/java/org/springframework/security/taglibs/authz/AuthenticationTag.java
+++ b/taglibs/src/main/java/org/springframework/security/taglibs/authz/AuthenticationTag.java
@ -33,7 +33,7 @@ import javax.servlet.jsp.tagext.TagSupport;

 /**
 * An {@link javax.servlet.jsp.tagext.Tag} implementation that allows convenient access to the current
- * <code>Authentication</code> object. The <tt>operation</tt> attribute
+ * <code>Authentication</code> object.
 * <p>
 * Whilst JSPs can access the <code>SecurityContext</code> directly, this tag avoids handling <code>null</code> conditions.
 *
@ -93,13 +93,13 @@ public class AuthenticationTag extends TagSupport {

            if (auth.getPrincipal() == null) {
                return Tag.EVAL_PAGE;
-            } else {
-                try {
-                    BeanWrapperImpl wrapper = new BeanWrapperImpl(auth);
-                    result = wrapper.getPropertyValue(property);
-                } catch (BeansException e) {
-                    throw new JspException(e);
-                }
+            }
+            
+            try {
+                BeanWrapperImpl wrapper = new BeanWrapperImpl(auth);
+                result = wrapper.getPropertyValue(property);
+            } catch (BeansException e) {
+                throw new JspException(e);
            }
        }

@ -120,7 +120,7 @@ public class AuthenticationTag extends TagSupport {
                }
            }
        } else {
-            writeMessage(result.toString());
+            writeMessage(String.valueOf(result));
        }
        return EVAL_PAGE;
    }