Prevent NullPointerException when not loaded from application context

20 years ago · d847772c81
2 changed files with 38 additions and 7 deletions
--- a/core/src/main/java/org/acegisecurity/intercept/AbstractSecurityInterceptor.java
+++ b/core/src/main/java/org/acegisecurity/intercept/AbstractSecurityInterceptor.java
@ -41,6 +41,7 @@ import org.apache.commons.logging.LogFactory;
				@@ -41,6 +41,7 @@ import org.apache.commons.logging.LogFactory;

 import org.springframework.beans.factory.InitializingBean;

+import org.springframework.context.ApplicationEvent;
 import org.springframework.context.ApplicationEventPublisher;
 import org.springframework.context.ApplicationEventPublisherAware;
 import org.springframework.context.MessageSource;
@ -276,7 +277,7 @@ public abstract class AbstractSecurityInterceptor implements InitializingBean, A
				@@ -276,7 +277,7 @@ public abstract class AbstractSecurityInterceptor implements InitializingBean, A
            } catch (AccessDeniedException accessDeniedException) {
                AuthorizationFailureEvent event = new AuthorizationFailureEvent(object, attr, authenticated,
                        accessDeniedException);
-                this.eventPublisher.publishEvent(event);
+                publishEvent(event);

                throw accessDeniedException;
            }
@ -286,7 +287,7 @@ public abstract class AbstractSecurityInterceptor implements InitializingBean, A
				@@ -286,7 +287,7 @@ public abstract class AbstractSecurityInterceptor implements InitializingBean, A
            }

            AuthorizedEvent event = new AuthorizedEvent(object, attr, authenticated);
-            this.eventPublisher.publishEvent(event);
+            publishEvent(event);

            // Attempt to run as a different user
            Authentication runAs = this.runAsManager.buildRunAs(authenticated, object, attr);
@ -311,7 +312,7 @@ public abstract class AbstractSecurityInterceptor implements InitializingBean, A
				@@ -311,7 +312,7 @@ public abstract class AbstractSecurityInterceptor implements InitializingBean, A
                logger.debug("Public object - authentication not attempted");
            }

-            this.eventPublisher.publishEvent(new PublicInvocationEvent(object));
+            publishEvent(new PublicInvocationEvent(object));

            return null; // no further work post-invocation
        }
@ -330,7 +331,7 @@ public abstract class AbstractSecurityInterceptor implements InitializingBean, A
				@@ -330,7 +331,7 @@ public abstract class AbstractSecurityInterceptor implements InitializingBean, A

        AuthenticationCredentialsNotFoundEvent event = new AuthenticationCredentialsNotFoundEvent(secureObject,
                configAttribs, exception);
-        this.eventPublisher.publishEvent(event);
+        publishEvent(event);

        throw exception;
    }
@ -431,4 +432,10 @@ public abstract class AbstractSecurityInterceptor implements InitializingBean, A
				@@ -431,4 +432,10 @@ public abstract class AbstractSecurityInterceptor implements InitializingBean, A
    public void setValidateConfigAttributes(boolean validateConfigAttributes) {
        this.validateConfigAttributes = validateConfigAttributes;
    }
+
+    private void publishEvent(ApplicationEvent event) {
+        if (this.eventPublisher != null) {
+            this.eventPublisher.publishEvent(event);
+        }
+    }
 }
--- a/core/src/test/java/org/acegisecurity/intercept/web/FilterSecurityInterceptorTests.java
+++ b/core/src/test/java/org/acegisecurity/intercept/web/FilterSecurityInterceptorTests.java
@ -30,17 +30,16 @@ import org.acegisecurity.MockAuthenticationManager;
				@@ -30,17 +30,16 @@ import org.acegisecurity.MockAuthenticationManager;
 import org.acegisecurity.MockRunAsManager;
 import org.acegisecurity.RunAsManager;
 import org.acegisecurity.SecurityConfig;
-
 import org.acegisecurity.context.SecurityContextHolder;
-
 import org.acegisecurity.providers.UsernamePasswordAuthenticationToken;
-
 import org.springframework.mock.web.MockHttpServletRequest;
 import org.springframework.mock.web.MockHttpServletResponse;

 import java.io.IOException;

+import java.util.ArrayList;
 import java.util.Iterator;
+import java.util.List;

 import javax.servlet.FilterChain;
 import javax.servlet.ServletException;
@ -231,6 +230,31 @@ public class FilterSecurityInterceptorTests extends TestCase {
				@@ -231,6 +230,31 @@ public class FilterSecurityInterceptorTests extends TestCase {
        SecurityContextHolder.clearContext();
    }

+    public void testNotLoadedFromApplicationContext() throws Exception {
+        FilterInvocationDefinitionSourceMapping mapping = new FilterInvocationDefinitionSourceMapping();
+        mapping.setUrl("/secure/**");
+        mapping.addConfigAttribute("ROLE_USER");
+
+        List mappings = new ArrayList(1);
+        mappings.add(mapping);
+
+        PathBasedFilterInvocationDefinitionMap filterInvocationDefinitionSource = new PathBasedFilterInvocationDefinitionMap();
+        filterInvocationDefinitionSource
+                .setConvertUrlToLowercaseBeforeComparison(true);
+        filterInvocationDefinitionSource.setMappings(mappings);
+
+        FilterSecurityInterceptor filter = new FilterSecurityInterceptor();
+        filter.setObjectDefinitionSource(filterInvocationDefinitionSource);
+
+        MockFilterChain filterChain = new MockFilterChain();
+        filterChain.expectToProceed = true;
+
+        FilterInvocation fi = new FilterInvocation(
+                new MockHttpServletRequest(), new MockHttpServletResponse(),
+                filterChain);
+        filter.invoke(fi);
+    }
+
    //~ Inner Classes ==================================================================================================

    private class MockFilterChain implements FilterChain {