From 3af9c32f0edaf28b031f09821a4cafe0ea6e24a2 Mon Sep 17 00:00:00 2001 From: Nico Verwer Date: Mon, 9 Jan 2023 13:38:08 +0100 Subject: [PATCH] [bugfix] guard against NPE in securitymanager fixes #4670 --- .../functions/securitymanager/IdFunction.java | 15 ++++++++++----- .../functions/securitymanager/IdFunctionTest.java | 4 ++-- 2 files changed, 12 insertions(+), 7 deletions(-) diff --git a/exist-core/src/main/java/org/exist/xquery/functions/securitymanager/IdFunction.java b/exist-core/src/main/java/org/exist/xquery/functions/securitymanager/IdFunction.java index 3d156836aa8..3bcd25446f5 100644 --- a/exist-core/src/main/java/org/exist/xquery/functions/securitymanager/IdFunction.java +++ b/exist-core/src/main/java/org/exist/xquery/functions/securitymanager/IdFunction.java @@ -77,13 +77,18 @@ private org.exist.dom.memtree.DocumentImpl functionId() { builder.startElement(new QName("id", SecurityManagerModule.NAMESPACE_URI, SecurityManagerModule.PREFIX), null); - builder.startElement(new QName("real", SecurityManagerModule.NAMESPACE_URI, SecurityManagerModule.PREFIX), null); - subjectToXml(builder, context.getRealUser()); - builder.endElement(); + final Subject realUser = context.getRealUser(); + if (realUser != null) { + builder.startElement(new QName("real", SecurityManagerModule.NAMESPACE_URI, SecurityManagerModule.PREFIX), null); + subjectToXml(builder, realUser); + builder.endElement(); + } - if (!sameUserWithSameGroups(context.getRealUser(), context.getEffectiveUser())) { + final Subject effectiveUser = context.getEffectiveUser(); + if (effectiveUser != null && ( + realUser == null || !sameUserWithSameGroups(realUser, effectiveUser))) { builder.startElement(new QName("effective", SecurityManagerModule.NAMESPACE_URI, SecurityManagerModule.PREFIX), null); - subjectToXml(builder, context.getEffectiveUser()); + subjectToXml(builder, effectiveUser); builder.endElement(); } diff --git a/exist-core/src/test/java/org/exist/xquery/functions/securitymanager/IdFunctionTest.java b/exist-core/src/test/java/org/exist/xquery/functions/securitymanager/IdFunctionTest.java index 2558cef9f00..3756b364f11 100644 --- a/exist-core/src/test/java/org/exist/xquery/functions/securitymanager/IdFunctionTest.java +++ b/exist-core/src/test/java/org/exist/xquery/functions/securitymanager/IdFunctionTest.java @@ -183,7 +183,7 @@ public void differingByGroupRealAndEffectiveUsers() throws XPathException, Xpath expect(mckContext.getDocumentBuilder()).andReturn(new MemTreeBuilder()); mckContext.popDocumentContext(); expectLastCall().once(); - expect(mckContext.getRealUser()).andReturn(mckRealUser).times(2); + expect(mckContext.getRealUser()).andReturn(mckRealUser); expect(mckRealUser.getName()).andReturn(realUsername); expect(mckRealUser.getGroups()).andReturn(new String[]{"realGroup1"}); expect(mckRealUser.getId()).andReturn(101); @@ -191,7 +191,7 @@ public void differingByGroupRealAndEffectiveUsers() throws XPathException, Xpath final Subject mckEffectiveUser = EasyMock.createMock(Subject.class); final String effectiveUsername = "user1"; - expect(mckContext.getEffectiveUser()).andReturn(mckEffectiveUser).times(2); + expect(mckContext.getEffectiveUser()).andReturn(mckEffectiveUser); expect(mckEffectiveUser.getId()).andReturn(101); expect(mckEffectiveUser.getName()).andReturn(effectiveUsername); expect(mckEffectiveUser.getGroups()).andReturn(new String[]{"realGroup1", "effectiveGroup1"});