[jboss-cvs] Picketbox SVN: r229 - trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/mapping/providers/attribute.

jboss-cvs-commits at lists.jboss.org jboss-cvs-commits at lists.jboss.org
Tue Jun 21 10:55:05 EDT 2011


Author: mmoyses
Date: 2011-06-21 10:55:05 -0400 (Tue, 21 Jun 2011)
New Revision: 229

Added:
   trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/mapping/providers/attribute/SecurityActions.java
Modified:
   trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/mapping/providers/attribute/LdapAttributeMappingProvider.java
Log:
SECURITY-438: fixing NPE when attribute list is null

Modified: trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/mapping/providers/attribute/LdapAttributeMappingProvider.java
===================================================================
--- trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/mapping/providers/attribute/LdapAttributeMappingProvider.java	2011-06-15 15:43:12 UTC (rev 228)
+++ trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/mapping/providers/attribute/LdapAttributeMappingProvider.java	2011-06-21 14:55:05 UTC (rev 229)
@@ -120,7 +120,6 @@
       this.options = options;
    }
 
-   @SuppressWarnings("unchecked")
    public void performMapping(Map<String, Object> map, List<Attribute<String>> mappedObject)
    {
       List<Attribute<String>> attributeList = new ArrayList<Attribute<String>>();
@@ -165,8 +164,11 @@
          }
          
          InitialLdapContext ctx;
+         ClassLoader currentTCCL = SecurityActions.getContextClassLoader();
          try
          {
+            if (currentTCCL != null)
+               SecurityActions.setContextClassLoader(null);
             ctx = this.constructInitialLdapContext(bindDN, bindCredential);
          }
          catch (NamingException e)
@@ -205,7 +207,7 @@
          
          constraints.setReturningAttributes(neededAttributes);
 
-         NamingEnumeration results = null;
+         NamingEnumeration<SearchResult> results = null;
 
          Object[] filterArgs = {user};
          try
@@ -218,7 +220,7 @@
                results.close();
                throw new NamingException("Search of baseDN(" + baseDN + ") found no matches");
             } 
-            SearchResult sr = (SearchResult) results.next();
+            SearchResult sr = results.next();
             String name = sr.getName();
             String userDN = null;
             if (sr.isRelative() == true)
@@ -256,6 +258,10 @@
             {
                if (results != null)
                   results.close();
+               if (ctx != null)
+                  ctx.close();
+               if (currentTCCL != null)
+                  SecurityActions.setContextClassLoader(currentTCCL);
             }            
          }catch(NamingException ne)
          {
@@ -283,14 +289,13 @@
    } 
    
    
-   @SuppressWarnings("unchecked")
    private InitialLdapContext constructInitialLdapContext(String dn, Object credential) throws NamingException
    {
       Properties env = new Properties();
-      Iterator iter = options.entrySet().iterator();
+      Iterator<Entry<String, Object>> iter = options.entrySet().iterator();
       while (iter.hasNext())
       {
-         Entry entry = (Entry) iter.next();
+         Entry<String, Object> entry = iter.next();
          env.put(entry.getKey(), entry.getValue());
       }
 
@@ -333,10 +338,13 @@
    private String[] getNeededAttributes(String commaSeparatedList)
    {
       ArrayList<String> arrayList = new ArrayList<String>();
-      StringTokenizer st = new StringTokenizer(commaSeparatedList,",");
-      while(st.hasMoreTokens())
+      if (commaSeparatedList != null)
       {
-         arrayList.add(st.nextToken());
+         StringTokenizer st = new StringTokenizer(commaSeparatedList,",");
+         while(st.hasMoreTokens())
+         {
+            arrayList.add(st.nextToken());
+         }
       }
       String[] strArr = new String[arrayList.size()];
       return arrayList.toArray(strArr); 

Added: trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/mapping/providers/attribute/SecurityActions.java
===================================================================
--- trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/mapping/providers/attribute/SecurityActions.java	                        (rev 0)
+++ trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/mapping/providers/attribute/SecurityActions.java	2011-06-21 14:55:05 UTC (rev 229)
@@ -0,0 +1,59 @@
+/*
+  * JBoss, Home of Professional Open Source
+  * Copyright 2007, JBoss Inc., and individual contributors as indicated
+  * by the @authors tag. See the copyright.txt in the distribution for a
+  * full listing of individual contributors.
+  *
+  * This is free software; you can redistribute it and/or modify it
+  * under the terms of the GNU Lesser General Public License as
+  * published by the Free Software Foundation; either version 2.1 of
+  * the License, or (at your option) any later version.
+  *
+  * This software is distributed in the hope that it will be useful,
+  * but WITHOUT ANY WARRANTY; without even the implied warranty of
+  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+  * Lesser General Public License for more details.
+  *
+  * You should have received a copy of the GNU Lesser General Public
+  * License along with this software; if not, write to the Free
+  * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+  * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+  */
+package org.jboss.security.mapping.providers.attribute;
+
+import java.security.AccessController;
+import java.security.PrivilegedAction;
+
+
+/**
+ *  Privileged Blocks
+ *  @author Anil.Saldhana at redhat.com
+ *  @since  Sep 26, 2007 
+ *  @version $Revision$
+ */
+class SecurityActions
+{
+   static ClassLoader getContextClassLoader()
+   {
+      return AccessController.doPrivileged(new PrivilegedAction<ClassLoader>()
+      { 
+         public ClassLoader run()
+         { 
+            return Thread.currentThread().getContextClassLoader();
+         }
+       });  
+   }
+   
+   static Void setContextClassLoader(final ClassLoader cl)
+   {
+      return AccessController.doPrivileged(new PrivilegedAction<Void>()
+      {
+         public Void run()
+         {
+            Thread.currentThread().setContextClassLoader(cl);
+            return null;
+         }
+      });
+   }
+   
+}
\ No newline at end of file



More information about the jboss-cvs-commits mailing list