[PLUTO-514] Invoking PortletRequest.isUserInRole() results in NPE if no <security-role-ref> elements defined - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Resolved
Priority: Major
Resolution: Fixed
Affects Version/s: 2.0.0
Fix Version/s: 2.0.0
Component/s: portlet container
Labels:
None
Environment:
JDK 1.5.0_16, Tomcat 5.5.27

Description

If you have not declared any security roles for a portlet in the deployment descriptor (portlet.xml) and then invoke the isUserInRole() method of either the RenderRequest or ActionRequest objects, a NullPointerException is thrown:

java.lang.NullPointerException
at org.apache.pluto.internal.impl.PortletRequestImpl.isUserInRole(PortletRequestImpl.java:400)

In the isUserInRole() method of the PortletRequestImpl class the getSecurityRoleRefs() method of the PortletDD is invoked and then an iterator is requested for the returned List – however, the return value of getSecurityRoleRefs() is not checked for a null value before invoking the iterator() method.

As a workaround you can make sure that you always declare at least on <security-role-ref> element in your portlet.xml file – this will ensure that the list returned by getSecurityRoleRefs() is not null.

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending

patch-514.txt
20/Oct/08 16:52
1 kB
Brian DeHamer

Activity

People

Assignee:: Unassigned

Reporter:: Brian DeHamer

Votes:: 0 Vote for this issue

Watchers:: 0 Start watching this issue

Dates

Created:: 20/Oct/08 16:51

Updated:: 07/Apr/09 03:12

Resolved:: 07/Apr/09 03:12