From 4b34d911eb606d05f4bdc9c4f73e8e6283565bf9 Mon Sep 17 00:00:00 2001 From: Brett Porter Date: Fri, 6 Mar 2009 16:08:12 +0000 Subject: [PATCH] [MNG-1106] guard against NPE which can be generated by the LDAP user manager if misconfigured git-svn-id: https://svn.apache.org/repos/asf/archiva/trunk@750953 13f79535-47bb-0310-9956-ffa450edef68 --- .../archiva/security/ArchivaServletAuthenticator.java | 4 ++++ .../maven/archiva/security/DefaultUserRepositories.java | 8 ++++++++ 2 files changed, 12 insertions(+) diff --git a/archiva-modules/archiva-web/archiva-security/src/main/java/org/apache/maven/archiva/security/ArchivaServletAuthenticator.java b/archiva-modules/archiva-web/archiva-security/src/main/java/org/apache/maven/archiva/security/ArchivaServletAuthenticator.java index 11d39592d..1b533d30f 100644 --- a/archiva-modules/archiva-web/archiva-security/src/main/java/org/apache/maven/archiva/security/ArchivaServletAuthenticator.java +++ b/archiva-modules/archiva-web/archiva-security/src/main/java/org/apache/maven/archiva/security/ArchivaServletAuthenticator.java @@ -105,6 +105,10 @@ public class ArchivaServletAuthenticator } User user = securitySystem.getUserManager().findUser( principal ); + if ( user == null ) + { + throw new UnauthorizedException( "The security system had an internal error - please check your system logs" ); + } if ( user.isLocked() ) { throw new UnauthorizedException( "User account is locked." ); diff --git a/archiva-modules/archiva-web/archiva-security/src/main/java/org/apache/maven/archiva/security/DefaultUserRepositories.java b/archiva-modules/archiva-web/archiva-security/src/main/java/org/apache/maven/archiva/security/DefaultUserRepositories.java index 842a5e647..d99b08932 100644 --- a/archiva-modules/archiva-web/archiva-security/src/main/java/org/apache/maven/archiva/security/DefaultUserRepositories.java +++ b/archiva-modules/archiva-web/archiva-security/src/main/java/org/apache/maven/archiva/security/DefaultUserRepositories.java @@ -77,6 +77,10 @@ public class DefaultUserRepositories try { User user = securitySystem.getUserManager().findUser( principal ); + if ( user == null ) + { + throw new ArchivaSecurityException( "The security system had an internal error - please check your system logs" ); + } if ( user.isLocked() ) { @@ -145,6 +149,10 @@ public class DefaultUserRepositories try { User user = securitySystem.getUserManager().findUser( principal ); + if ( user == null ) + { + throw new ArchivaSecurityException( "The security system had an internal error - please check your system logs" ); + } if ( user.isLocked() ) { -- 2.39.5