[bugfix] guard against NPE in securitymanager

Nico Verwer · line-o · commit 0adb4aa6a563 · 2023-12-12T12:40:51.000+01:00
fixes #4670
diff --git a/exist-core/src/main/java/org/exist/xquery/functions/securitymanager/IdFunction.java b/exist-core/src/main/java/org/exist/xquery/functions/securitymanager/IdFunction.java
@@ -77,13 +77,18 @@ private org.exist.dom.memtree.DocumentImpl functionId() {
 
             builder.startElement(new QName("id", SecurityManagerModule.NAMESPACE_URI, SecurityManagerModule.PREFIX), null);
 
-            builder.startElement(new QName("real", SecurityManagerModule.NAMESPACE_URI, SecurityManagerModule.PREFIX), null);
-            subjectToXml(builder, context.getRealUser());
-            builder.endElement();
+            final Subject realUser = context.getRealUser();
+            if (realUser != null) {
+                builder.startElement(new QName("real", SecurityManagerModule.NAMESPACE_URI, SecurityManagerModule.PREFIX), null);
+                subjectToXml(builder, realUser);
+                builder.endElement();
+            }
 
-            if (!sameUserWithSameGroups(context.getRealUser(), context.getEffectiveUser())) {
+            final Subject effectiveUser = context.getEffectiveUser();
+            if (effectiveUser != null && (
+                    realUser == null || !sameUserWithSameGroups(realUser, effectiveUser))) {
                 builder.startElement(new QName("effective", SecurityManagerModule.NAMESPACE_URI, SecurityManagerModule.PREFIX), null);
-                subjectToXml(builder, context.getEffectiveUser());
+                subjectToXml(builder, effectiveUser);
                 builder.endElement();
             }
 
diff --git a/exist-core/src/test/java/org/exist/xquery/functions/securitymanager/IdFunctionTest.java b/exist-core/src/test/java/org/exist/xquery/functions/securitymanager/IdFunctionTest.java
@@ -71,14 +71,14 @@ public void differingRealAndEffectiveUsers() throws XPathException, XpathExcepti
         expect(mckContext.getDocumentBuilder()).andReturn(new MemTreeBuilder());
         mckContext.popDocumentContext();
         expectLastCall().once();
-        expect(mckContext.getRealUser()).andReturn(mckRealUser).times(2);
+        expect(mckContext.getRealUser()).andReturn(mckRealUser);
         expect(mckRealUser.getName()).andReturn(realUsername);
         expect(mckRealUser.getGroups()).andReturn(new String[]{"realGroup1", "realGroup2"});
         expect(mckRealUser.getId()).andReturn(1);
 
         final Subject mckEffectiveUser = EasyMock.createMock(Subject.class);
         final String effectiveUsername = "effective";
-        expect(mckContext.getEffectiveUser()).andReturn(mckEffectiveUser).times(2);
+        expect(mckContext.getEffectiveUser()).andReturn(mckEffectiveUser);
         expect(mckEffectiveUser.getId()).andReturn(2);
         expect(mckEffectiveUser.getName()).andReturn(effectiveUsername);
         expect(mckEffectiveUser.getGroups()).andReturn(new String[]{"effectiveGroup1", "effectiveGroup2"});
@@ -127,7 +127,7 @@ public void sameRealAndEffectiveUsers() throws XPathException, XpathException {
         expect(mckContext.getDocumentBuilder()).andReturn(new MemTreeBuilder());
         mckContext.popDocumentContext();
         expectLastCall().once();
-        expect(mckContext.getRealUser()).andReturn(mckUser).times(2);
+        expect(mckContext.getRealUser()).andReturn(mckUser);
         expect(mckUser.getName()).andReturn(username);
         expect(mckUser.getGroups()).andReturn(new String[]{"group1", "group2"});
         expect(mckUser.getId()).andReturn(1);
@@ -183,15 +183,15 @@ public void differingByGroupRealAndEffectiveUsers() throws XPathException, Xpath
         expect(mckContext.getDocumentBuilder()).andReturn(new MemTreeBuilder());
         mckContext.popDocumentContext();
         expectLastCall().once();
-        expect(mckContext.getRealUser()).andReturn(mckRealUser).times(2);
+        expect(mckContext.getRealUser()).andReturn(mckRealUser);
         expect(mckRealUser.getName()).andReturn(realUsername);
         expect(mckRealUser.getGroups()).andReturn(new String[]{"realGroup1"});
         expect(mckRealUser.getId()).andReturn(101);
         expect(mckRealUser.getGroupIds()).andReturn(new int[] {101});
 
         final Subject mckEffectiveUser = EasyMock.createMock(Subject.class);
         final String effectiveUsername = "user1";
-        expect(mckContext.getEffectiveUser()).andReturn(mckEffectiveUser).times(2);
+        expect(mckContext.getEffectiveUser()).andReturn(mckEffectiveUser);
         expect(mckEffectiveUser.getId()).andReturn(101);
         expect(mckEffectiveUser.getName()).andReturn(effectiveUsername);
         expect(mckEffectiveUser.getGroups()).andReturn(new String[]{"realGroup1", "effectiveGroup1"});
