[Minor] Handle NPE in DefaultPrivilegeHandler.detectPrivilegeConflicts()
parent
27d62cd6af
commit
e0f7bd57da
|
@ -223,7 +223,9 @@ public class DefaultPrivilegeHandler implements PrivilegeHandler {
|
||||||
PrivilegeContext prvCtx = validate(certificate);
|
PrivilegeContext prvCtx = validate(certificate);
|
||||||
prvCtx.validateAction(new SimpleRestrictable(PRIVILEGE_ACTION, PRIVILEGE_ACTION_GET_CERTIFICATES));
|
prvCtx.validateAction(new SimpleRestrictable(PRIVILEGE_ACTION, PRIVILEGE_ACTION_GET_CERTIFICATES));
|
||||||
|
|
||||||
return this.privilegeContextMap.values().stream().map(PrivilegeContext::getCertificate)
|
return this.privilegeContextMap.values()
|
||||||
|
.stream()
|
||||||
|
.map(PrivilegeContext::getCertificate)
|
||||||
.collect(Collectors.toList());
|
.collect(Collectors.toList());
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -237,8 +239,8 @@ public class DefaultPrivilegeHandler implements PrivilegeHandler {
|
||||||
Stream<Role> rolesStream = this.persistenceHandler.getAllRoles().stream();
|
Stream<Role> rolesStream = this.persistenceHandler.getAllRoles().stream();
|
||||||
|
|
||||||
// validate access to each role
|
// validate access to each role
|
||||||
rolesStream = rolesStream
|
rolesStream = rolesStream.filter(
|
||||||
.filter(role -> prvCtx.hasPrivilege(new SimpleRestrictable(PRIVILEGE_GET_ROLE, new Tuple(null, role))));
|
role -> prvCtx.hasPrivilege(new SimpleRestrictable(PRIVILEGE_GET_ROLE, new Tuple(null, role))));
|
||||||
|
|
||||||
return rolesStream.map(Role::asRoleRep).collect(Collectors.toList());
|
return rolesStream.map(Role::asRoleRep).collect(Collectors.toList());
|
||||||
}
|
}
|
||||||
|
@ -253,8 +255,8 @@ public class DefaultPrivilegeHandler implements PrivilegeHandler {
|
||||||
Stream<User> usersStream = this.persistenceHandler.getAllUsers().stream();
|
Stream<User> usersStream = this.persistenceHandler.getAllUsers().stream();
|
||||||
|
|
||||||
// validate access to each user
|
// validate access to each user
|
||||||
usersStream = usersStream
|
usersStream = usersStream.filter(
|
||||||
.filter(user -> prvCtx.hasPrivilege(new SimpleRestrictable(PRIVILEGE_GET_USER, new Tuple(null, user))));
|
user -> prvCtx.hasPrivilege(new SimpleRestrictable(PRIVILEGE_GET_USER, new Tuple(null, user))));
|
||||||
|
|
||||||
return usersStream.map(User::asUserRep).collect(Collectors.toList());
|
return usersStream.map(User::asUserRep).collect(Collectors.toList());
|
||||||
}
|
}
|
||||||
|
@ -1493,7 +1495,8 @@ public class DefaultPrivilegeHandler implements PrivilegeHandler {
|
||||||
return false;
|
return false;
|
||||||
|
|
||||||
List<Certificate> sessions = new ArrayList<>(this.privilegeContextMap.values()).stream()
|
List<Certificate> sessions = new ArrayList<>(this.privilegeContextMap.values()).stream()
|
||||||
.map(PrivilegeContext::getCertificate).filter(c -> !c.getUserState().isSystem())
|
.map(PrivilegeContext::getCertificate)
|
||||||
|
.filter(c -> !c.getUserState().isSystem())
|
||||||
.collect(Collectors.toList());
|
.collect(Collectors.toList());
|
||||||
|
|
||||||
try (OutputStream fout = Files.newOutputStream(this.persistSessionsPath.toPath());
|
try (OutputStream fout = Files.newOutputStream(this.persistSessionsPath.toPath());
|
||||||
|
@ -1506,9 +1509,8 @@ public class DefaultPrivilegeHandler implements PrivilegeHandler {
|
||||||
} catch (Exception e) {
|
} catch (Exception e) {
|
||||||
logger.error("Failed to persist sessions!", e);
|
logger.error("Failed to persist sessions!", e);
|
||||||
if (this.persistSessionsPath.exists() && !this.persistSessionsPath.delete()) {
|
if (this.persistSessionsPath.exists() && !this.persistSessionsPath.delete()) {
|
||||||
logger.error(
|
logger.error("Failed to delete sessions file after failing to write to it, at "
|
||||||
"Failed to delete sessions file after failing to write to it, at " + this.persistSessionsPath
|
+ this.persistSessionsPath.getAbsolutePath());
|
||||||
.getAbsolutePath());
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -1643,9 +1645,8 @@ public class DefaultPrivilegeHandler implements PrivilegeHandler {
|
||||||
} else if (user.getHashAlgorithm() == null || user.getHashIterations() == -1 || user.getHashKeyLength() == -1) {
|
} else if (user.getHashAlgorithm() == null || user.getHashIterations() == -1 || user.getHashKeyLength() == -1) {
|
||||||
passwordHash = this.encryptionHandler.hashPassword(password, salt);
|
passwordHash = this.encryptionHandler.hashPassword(password, salt);
|
||||||
} else {
|
} else {
|
||||||
passwordHash = this.encryptionHandler
|
passwordHash = this.encryptionHandler.hashPassword(password, salt, user.getHashAlgorithm(),
|
||||||
.hashPassword(password, salt, user.getHashAlgorithm(), user.getHashIterations(),
|
user.getHashIterations(), user.getHashKeyLength());
|
||||||
user.getHashKeyLength());
|
|
||||||
}
|
}
|
||||||
|
|
||||||
// validate password
|
// validate password
|
||||||
|
@ -2130,6 +2131,8 @@ public class DefaultPrivilegeHandler implements PrivilegeHandler {
|
||||||
Set<String> userRoles = user.getRoles();
|
Set<String> userRoles = user.getRoles();
|
||||||
for (String roleName : userRoles) {
|
for (String roleName : userRoles) {
|
||||||
Role role = this.persistenceHandler.getRole(roleName);
|
Role role = this.persistenceHandler.getRole(roleName);
|
||||||
|
if (role == null)
|
||||||
|
throw new IllegalStateException("Role " + roleName + " does not exist for user " + user.getUsername());
|
||||||
for (String privilegeName : role.getPrivilegeNames()) {
|
for (String privilegeName : role.getPrivilegeNames()) {
|
||||||
String roleOrigin = privilegeNames.get(privilegeName);
|
String roleOrigin = privilegeNames.get(privilegeName);
|
||||||
if (roleOrigin == null) {
|
if (roleOrigin == null) {
|
||||||
|
@ -2300,8 +2303,8 @@ public class DefaultPrivilegeHandler implements PrivilegeHandler {
|
||||||
/**
|
/**
|
||||||
* <p>
|
* <p>
|
||||||
* This method instantiates a {@link PrivilegePolicy} object from the given policyName. The {@link PrivilegePolicy}
|
* This method instantiates a {@link PrivilegePolicy} object from the given policyName. The {@link PrivilegePolicy}
|
||||||
* is not stored in a database. The privilege name is a class name and is then used to instantiate a new {@link
|
* is not stored in a database. The privilege name is a class name and is then used to instantiate a new
|
||||||
* PrivilegePolicy} object
|
* {@link PrivilegePolicy} object
|
||||||
* </p>
|
* </p>
|
||||||
*
|
*
|
||||||
* @param policyName
|
* @param policyName
|
||||||
|
|
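Review bot: The null guard added after `Role role = this.persistenceHandler.getRole(roleName);` (hunk at -2130) is an unbraced `if` with a long `throw` on the following line; because this check is what makes the role walk fail closed on a dangling role reference, brace it so a later edit cannot detach the throw: `if (role == null) { throw new IllegalStateException("Role " + roleName + " does not exist for user " + user.getUsername()); }`. A one-line comment such as `// user references a role that no longer exists: fail closed instead of skipping it` would record why the role is not simply skipped. The enclosing method starts and ends outside the hunk, so it is not visible whether callers expect `IllegalStateException` or a privilege-specific exception type; if the class already has one for model inconsistencies, that would presumably be the more consistent choice. The other hunks in this file appear to be line-wrapping changes only.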