Pluto / PLUTO-514

Invoking PortletRequest.isUserInRole() results in NPE if no <security-role-ref> elements defined

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 2.0.0
    • Fix Version/s: 2.0.0
    • Component/s: portlet container
    • Labels:
      None
    • Environment:
      JDK 1.5.0_16, Tomcat 5.5.27

      Description

      If you have not declared any security roles for a portlet in the deployment descriptor (portlet.xml) and then invoke the isUserInRole() method of either the RenderRequest or ActionRequest objects, a NullPointerException is thrown:

      java.lang.NullPointerException
      at org.apache.pluto.internal.impl.PortletRequestImpl.isUserInRole(PortletRequestImpl.java:400)

      In the isUserInRole() method of the PortletRequestImpl class the getSecurityRoleRefs() method of the PortletDD is invoked and then an iterator is requested for the returned List – however, the return value of getSecurityRoleRefs() is not checked for a null value before invoking the iterator() method.

      As a workaround you can make sure that you always declare at least one <security-role-ref> element in your portlet.xml file – this will ensure that the list returned by getSecurityRoleRefs() is not null.

      1. patch-514.txt
        1 kB
        Brian DeHamer
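
The failure mode described in the report next to a null-safe form of the same lookup, as an added example that is neither Pluto's code nor the attached patch. `RoleRef`, `RoleOracle` and both methods are hypothetical stand-ins; the example assumes a current JDK (records) and, as an assumed policy, denies when no reference matches.

```java
import java.util.Collections;
import java.util.List;

// Stand-in types for illustration only; these are not Pluto's classes.
public class RoleRefCheck {
    // Models one <security-role-ref>: role-name used in code, role-link it maps to.
    record RoleRef(String roleName, String roleLink) {}

    // Stand-in for the container's view of the authenticated user's roles.
    interface RoleOracle { boolean isUserInRole(String role); }

    // Pattern from the report: iterating a list that may be null.
    static boolean unguarded(List<RoleRef> refs, String role, RoleOracle user) {
        for (RoleRef ref : refs) {              // throws NPE when refs == null
            if (ref.roleName().equals(role)) {
                return user.isUserInRole(ref.roleLink());
            }
        }
        return false;
    }

    // Guarded: a missing list is treated as "no role references declared".
    static boolean guarded(List<RoleRef> refs, String role, RoleOracle user) {
        if (role == null) {
            return false;                       // fail closed on a null query
        }
        List<RoleRef> safe = (refs == null) ? Collections.<RoleRef>emptyList() : refs;
        for (RoleRef ref : safe) {
            if (role.equals(ref.roleName())) {
                String link = ref.roleLink();
                // No role-link declared: check the role name itself.
                return user.isUserInRole(link != null ? link : role);
            }
        }
        return false;                           // assumed policy: no match means deny
    }

    public static void main(String[] args) {
        RoleOracle user = r -> r.equals("portal-admin");   // constructed sample user
        List<RoleRef> declared = List.of(new RoleRef("admin", "portal-admin"));
        System.out.println("declared ref: " + guarded(declared, "admin", user));
        System.out.println("no refs:      " + guarded(null, "admin", user));
        try {
            unguarded(null, "admin", user);
        } catch (NullPointerException e) {
            System.out.println("unguarded:    NullPointerException");
        }
    }
}
```

An authorization check that throws instead of returning a decision leaves the outcome to whatever catches the exception, so the guarded form returns an explicit `false` on every path that cannot confirm the role.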


          People

          • Assignee:
            Unassigned
            Reporter:
            Brian DeHamer
