Ravi Nori has uploaded a new change for review. Change subject: restapi : NullPointerException when Authorization header is passed(#916085) ......................................................................
restapi : NullPointerException when Authorization header is passed(#916085) When invalid authorization header is passed a null pointer exception is thrown on the server resulting in internal server error. Change-Id: I10b580dcc3fddbec8ccd80130e977aeb4ef37fb2 Bug-Url: https://bugzilla.redhat.com/show_bug.cgi?id=916085 Signed-off-by: Ravi Nori <rn...@redhat.com> --- M backend/manager/modules/restapi/jaxrs/src/main/java/org/ovirt/engine/api/restapi/security/auth/LoginValidator.java 1 file changed, 9 insertions(+), 0 deletions(-) git pull ssh://gerrit.ovirt.org:29418/ovirt-engine refs/changes/78/13378/1 diff --git a/backend/manager/modules/restapi/jaxrs/src/main/java/org/ovirt/engine/api/restapi/security/auth/LoginValidator.java b/backend/manager/modules/restapi/jaxrs/src/main/java/org/ovirt/engine/api/restapi/security/auth/LoginValidator.java index 85bbd80..154ba09 100644 --- a/backend/manager/modules/restapi/jaxrs/src/main/java/org/ovirt/engine/api/restapi/security/auth/LoginValidator.java +++ b/backend/manager/modules/restapi/jaxrs/src/main/java/org/ovirt/engine/api/restapi/security/auth/LoginValidator.java @@ -39,6 +39,7 @@ // do not log passwords protected static final String LOGIN_SUCCESS = "Login success, user: {0} domain: {1}"; protected static final String LOGIN_FAILURE = "Login failure, user: {0} domain: {1} reason: {2}"; + protected static final String NO_AUTH_TYPE = "Authorization failed due to missing authorization-type"; protected static final String VALIDATE_SESSION_SUCCESS = "Validating session succeeded"; protected static final String VALIDATE_SESSION_FAILURE = "Validating session failed, reason: {0}"; protected static final String NO_DOMAIN = "Missing domain component in User Principal Name (UPN)"; @@ -62,6 +63,9 @@ @Override public boolean validate(Principal principal, String sessionId) { + if (principal == null) { + return loginFailureNoAuthType(); + } if (principal.getDomain() == null) { return loginFailure(principal, NO_DOMAIN); } @@ -138,6 +142,11 @@ return loginFailure(principal, reasons != null ? reasons.toString() : null); } + private boolean loginFailureNoAuthType() { + LOG.infoFormat(NO_AUTH_TYPE); + return false; + } + private boolean loginFailure(Principal principal, String reason) { LOG.infoFormat(LOGIN_FAILURE, principal.getUser(), principal.getDomain(), reason); return false; -- To view, visit http://gerrit.ovirt.org/13378 To unsubscribe, visit http://gerrit.ovirt.org/settings Gerrit-MessageType: newchange Gerrit-Change-Id: I10b580dcc3fddbec8ccd80130e977aeb4ef37fb2 Gerrit-PatchSet: 1 Gerrit-Project: ovirt-engine Gerrit-Branch: engine_3.2 Gerrit-Owner: Ravi Nori <rn...@redhat.com> _______________________________________________ Engine-patches mailing list Engine-patches@ovirt.org http://lists.ovirt.org/mailman/listinfo/engine-patches
