Posted to user@shiro.apache.org by Les Hazlewood <lh...@apache.org> on 2011/01/04 19:11:58 UTC

Re: Null Pointer in AuthorizingRealm.isPermitted(AuthorizingRealm.java:452)

Hi Korbinian,

Can you please create a Jira issue for this if you haven't already?

Thanks,

Les

On Thu, Dec 16, 2010 at 5:50 AM, Korbinian Bachl - privat
<ko...@whiskyworld.de> wrote:
> Hello,
>
> I don't know if this is a bug or an intended impl. of AuthorizingRealm, but
> whenever I used permissions I always ended up:
>
> java.lang.NullPointerException
>     at org.apache.shiro.realm.AuthorizingRealm.isPermitted(AuthorizingRealm.java:452)
>     at org.apache.shiro.authz.ModularRealmAuthorizer.isPermitted(ModularRealmAuthorizer.java:222)
>     at org.apache.shiro.authz.ModularRealmAuthorizer.checkPermission(ModularRealmAuthorizer.java:320)
> ....
>
> while Roles work fine and as expected. My
> SSAuthorizingRealm.doGetAuthorizationMethod is based upon JDBCRealm
>
> @Override
>    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
>        //null usernames are invalid
>        if (principals == null) {
>            throw new AuthorizationException("PrincipalCollection method argument cannot be null.");
>        }
>
>        String username = (String) getAvailablePrincipal(principals);
>
>        Set<String> roleNames = new LinkedHashSet<String>();
>        Set<String> permissions = new LinkedHashSet<String>();
>        SystemUser user = getBean().getSystemUser(username);
>
>        if (user == null) {
>            SecurityUtils.getSubject().logout();
>            throw new AuthorizationException("Unknown Account!");
>        }
>
>        for (SystemUserRoles r : bean.getRolesForUser(user.getId())) {
>            roleNames.add(r.getRole());
>        }
>
>        for (SystemUserPermissons p : bean.getPermissionsForUser(user.getId())) {
>            permissions.add(p.getPermission());
>        }
>
>        SimpleAuthorizationInfo info = new SimpleAuthorizationInfo(roleNames);
>        info.setStringPermissions(permissions);
>        return info;
>    }
>
> which looked fine.
>
> Whenever a permission is checked, the above code works and returns 0 - many
> roles (based upon user); But line
> Permission p = getPermissionResolver().resolvePermission(permission);
> in AuthorizingRealm fails with NPE;
>
> After digging around I found out that there is no check in the JDBCRealm and
> more important in the Authorization if a permissionResolver is set. I made
> my Realm working by catching a
>
> if (getPermissionResolver() == null) {
>     setPermissionResolver(new WildcardPermissionResolver());
> }
>
> in the doGetAuthorizationInfo method but maybe this should be addressed
> directly in the AuthorizationRealm?
>
>
>
> Best,
>
> Korbinian
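
The workaround in the quoted message, moved into the realm's constructor so the resolver is in place before the first isPermitted() call (an added example, not code from the thread or from the Shiro project). The class name ResolverSafeRealm, the in-memory PERMISSIONS map, the user "alice" and the permission strings are assumptions made up for illustration.

```java
import java.util.LinkedHashSet;
import java.util.Map;
import java.util.Set;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authz.AuthorizationException;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.authz.permission.WildcardPermissionResolver;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.apache.shiro.subject.SimplePrincipalCollection;
// Hypothetical realm for illustration; needs shiro-core on the classpath and Java 9+.
public class ResolverSafeRealm extends AuthorizingRealm {
    // Constructed sample data standing in for the poster's bean lookups.
    private static final Map<String, Set<String>> PERMISSIONS =
            Map.of("alice", Set.of("document:read:*"));

    public ResolverSafeRealm() {
        // Set the resolver once, before any isPermitted() call can reach it,
        // instead of lazily inside doGetAuthorizationInfo().
        if (getPermissionResolver() == null) {
            setPermissionResolver(new WildcardPermissionResolver());
        }
    }

    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
        String username = (String) getAvailablePrincipal(principals);
        Set<String> permissions = PERMISSIONS.get(username);
        if (permissions == null) {
            throw new AuthorizationException("Unknown Account!"); // unknown users get no grants
        }
        SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();
        info.setStringPermissions(new LinkedHashSet<String>(permissions));
        return info;
    }

    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) {
        return null; // this example realm only authorizes; null means "no account here"
    }
    public static void main(String[] args) {
        ResolverSafeRealm realm = new ResolverSafeRealm();
        PrincipalCollection alice = new SimplePrincipalCollection("alice", realm.getName());
        System.out.println("read:   " + realm.isPermitted(alice, "document:read:42"));
        System.out.println("delete: " + realm.isPermitted(alice, "document:delete:42"));
    }
}
```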

Re: Null Pointer in AuthorizingRealm.isPermitted(AuthorizingRealm.java:452)

Posted by Korbinian Bachl - privat <ko...@whiskyworld.de>.
Hi Les,

sorry it took so long; Shiro-237 is created.

Best

Korbinian

PS: it's really cool to be able to have multiple realms working together! :D

