You are viewing a plain text version of this content. The canonical link for it is here.
Posted to pluto-dev@portals.apache.org by "Brian DeHamer (JIRA)" <ji...@apache.org> on 2008/10/20 18:53:44 UTC
[jira] Updated: (PLUTO-514) Invoking PortletRequest.isUserInRole()
results in NPE if no elements defined
[ https://issues.apache.org/jira/browse/PLUTO-514?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Brian DeHamer updated PLUTO-514:
--------------------------------
Attachment: patch-514.txt
The attached patch to the PortletRequestImpl class updates the isUserInRole() method to ensure that the List returned by PortletDD.getSecurityRoleRefs() is non-null before invoking its iterator() method
> Invoking PortletRequest.isUserInRole() results in NPE if no <security-role-ref> elements defined
> ------------------------------------------------------------------------------------------------
>
> Key: PLUTO-514
> URL: https://issues.apache.org/jira/browse/PLUTO-514
> Project: Pluto
> Issue Type: Bug
> Components: portlet container
> Affects Versions: 2.0.0
> Environment: JDK 1.5.0_16, Tomcat 5.5.27
> Reporter: Brian DeHamer
> Fix For: 2.0.0
>
> Attachments: patch-514.txt
>
>
> If you have not declared any security roles for a portlet in the deployment descriptor (portlet.xml) and then invoke the isUserInRole() method of either the RenderRequest or ActionRequest objects, a NullPointerException is thrown:
> java.lang.NullPointerException
> at org.apache.pluto.internal.impl.PortletRequestImpl.isUserInRole(PortletRequestImpl.java:400)
> In the isUserInRole() method of the PortletRequestImpl class the getSecurityRoleRefs() method of the PortletDD is invoked and then an iterator is requested for the returned List -- however, the return value of getSecurityRoleRefs() is not checked for a null value before invoking the iterator() method.
> As a workaround you can make sure that you always declare at least on <security-role-ref> element in your portlet.xml file -- this will ensure that the list returned by getSecurityRoleRefs() is not null.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.