Implemented a fix for a NullPointerException as reported by Pierre-Antoine Gr�goire (pa.gregoire@free.fr)

"The error comes from line 115 in AuthorizeTag....It seems there's no control for a null value here..." * test/net/sf/acegisecurity/taglibs/authz/AuthorizeTagTests.java: Added a new test to confirm the existence of the bug. * src/net/sf/acegisecurity/taglibs/authz/AuthorizeTag.java: And fixed the failing test.
22 years ago · d5a6ea044d
2 changed files with 13 additions and 0 deletions
--- a/core/src/main/java/org/acegisecurity/taglibs/authz/AuthorizeTag.java
+++ b/core/src/main/java/org/acegisecurity/taglibs/authz/AuthorizeTag.java
@ -112,6 +112,10 @@ public class AuthorizeTag extends TagSupport {
				@@ -112,6 +112,10 @@ public class AuthorizeTag extends TagSupport {

        Authentication currentUser = context.getAuthentication();

+        if (null == currentUser) {
+            return Collections.EMPTY_LIST;
+        }
+
        Collection granted = Arrays.asList(currentUser.getAuthorities());

        return granted;
--- a/core/src/test/java/org/acegisecurity/taglibs/authz/AuthorizeTagTests.java
+++ b/core/src/test/java/org/acegisecurity/taglibs/authz/AuthorizeTagTests.java
@ -42,6 +42,15 @@ public class AuthorizeTagTests extends TestCase {
				@@ -42,6 +42,15 @@ public class AuthorizeTagTests extends TestCase {

    //~ Methods ================================================================

+    public void testAlwaysReturnsUnauthorizedIfNoUserFound()
+        throws JspException {
+        context.setAuthentication(null);
+
+        authorizeTag.setIfAllGranted("ROLE_TELLER");
+        assertEquals("prevents request - no principal in Context",
+            Tag.SKIP_BODY, authorizeTag.doStartTag());
+    }
+
    public void testDefaultsToNotOutputtingBodyWhenNoRequiredAuthorities()
        throws JspException {
        assertEquals("", authorizeTag.getIfAllGranted());