Uploaded image for project: 'Shiro'
  1. Shiro
  2. SHIRO-237

nullpointer error at permission check when no permissionresolver is set

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Critical
    • Resolution: Fixed
    • Affects Version/s: 1.1.0
    • Fix Version/s: 1.2.0
    • Component/s: Realms
    • Labels:
      None
    • Environment:
      all

      Description

      in class AuthorizingRealm, the isPermitted( ... checks never look if the the permissionResolver are set but allways will query them in case a permission reqeust os asked for.

      Solutions:
      1. catch empty/ null permissionResolver in Authorizingrealm
      2. force that all derived AuthorizingRealms have a permissionResolver by making this required in the constructor
      3. defaultset the current only implementation (WildcardPermissionResolver) into the getPermissionResolver method so either this one is used or it has to be overwritten

      I would suggest 2. as its most clean and will fail/ force to be cared with at compiletime already.

      PS: this is the issue described in my mailing to list
      http://mail-archives.apache.org/mod_mbox/shiro-user/201012.mbox/browser

        Attachments

          Activity

            People

            • Assignee:
              kaosko Kalle Korhonen
              Reporter:
              korbinian Korbinian Bachl
            • Votes:
              0 Vote for this issue
              Watchers:
              0 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: