From 193fa9b0a5243497a4bb1b6885dff584ff06920f Mon Sep 17 00:00:00 2001 From: Thomas <> Date: Fri, 2 Feb 2024 11:04:23 +0100 Subject: fix(core): possible NullPointerException during get generic data from session --- .../impl/idp/controller/protocols/RequestImpl.java | 79 ++++++++++------------ 1 file changed, 37 insertions(+), 42 deletions(-) (limited to 'eaaf_core/src/main/java') diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/controller/protocols/RequestImpl.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/controller/protocols/RequestImpl.java index 27b032e3..fcb7cc27 100644 --- a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/controller/protocols/RequestImpl.java +++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/controller/protocols/RequestImpl.java @@ -112,7 +112,7 @@ public abstract class RequestImpl implements IRequest, Serializable { private boolean needUserConsent = false; private boolean currentlyInIframe = false; - + private final Map genericDataStorage = new HashMap<>(); /** @@ -132,9 +132,10 @@ public abstract class RequestImpl implements IRequest, Serializable { /** * Initialize this pendingRequest object. * - * @param req {@link HttpServletRequest} - * @param authConfig {@link IConfiguration} - * @param transactionId Unique ID for technical log correlation that should be used in this pendingRequest + * @param req {@link HttpServletRequest} + * @param authConfig {@link IConfiguration} + * @param transactionId Unique ID for technical log correlation that should be + * used in this pendingRequest * @throws EaafException * */ @@ -147,11 +148,13 @@ public abstract class RequestImpl implements IRequest, Serializable { /** * Initialize this pendingRequest object. * - * @param req {@link HttpServletRequest} - * @param authConfig {@link IConfiguration} - * @param transactionId Unique ID for technical log correlation that should be used in this pendingRequest - * @param piiTransactionId Unique ID for PII data correlation that should be used in this pendingRequest - * for logging. If 'null' a new one will be generated + * @param req {@link HttpServletRequest} + * @param authConfig {@link IConfiguration} + * @param transactionId Unique ID for technical log correlation that should + * be used in this pendingRequest + * @param piiTransactionId Unique ID for PII data correlation that should be + * used in this pendingRequest for logging. If 'null' a + * new one will be generated * * @throws EaafException * @@ -246,7 +249,6 @@ public abstract class RequestImpl implements IRequest, Serializable { this.passiv = passiv; } - public final void setForce(final boolean force) { this.force = force; } @@ -346,7 +348,7 @@ public abstract class RequestImpl implements IRequest, Serializable { /** * Inject Service-Provider configuration into that authentication process. - * + * * @param spConfig SP configuration */ @JsonIgnore @@ -381,8 +383,8 @@ public abstract class RequestImpl implements IRequest, Serializable { } /** - * Set an unique transaction identifier to correlate technical logging - * in one single transaction. + * Set an unique transaction identifier to correlate technical logging in one + * single transaction. * * @param id Unique identifier */ @@ -392,8 +394,8 @@ public abstract class RequestImpl implements IRequest, Serializable { } /** - * Set an unique session identifier to correlate technical logging over a set of transactions, - * like SSO as one example. + * Set an unique session identifier to correlate technical logging over a set of + * transactions, like SSO as one example. * * @param id Unique identifier */ @@ -405,7 +407,9 @@ public abstract class RequestImpl implements IRequest, Serializable { /** * Set an unique transaction identifier to correlate PII related data. * - *

This identifier will be not used for technical logging.

+ *

+ * This identifier will be not used for technical logging. + *

* * @param id Unique identifier */ @@ -414,7 +418,6 @@ public abstract class RequestImpl implements IRequest, Serializable { } - public void setProcessInstanceId(final String id) { this.processInstanceId = id; @@ -499,44 +502,35 @@ public abstract class RequestImpl implements IRequest, Serializable { @Override public void setProcessInFrame(boolean flag) { this.currentlyInIframe = flag; - - } - - @Override - public final Object getRawData(final String key) { - if (StringUtils.isNotEmpty(key)) { - return objectSaveJsonDeserialization(genericDataStorage.get(key)); - } - - log.info("Can not load generic request-data with key='null'"); - return null; } @Override - public final T getRawData(final String key, final Class clazz) { + public final Object getRawData(final String key) { if (StringUtils.isNotEmpty(key)) { final Object data = genericDataStorage.get(key); - if (data == null) { return null; } + return objectSaveJsonDeserialization(genericDataStorage.get(key)); - try { - Object deserializedObject = objectSaveJsonDeserialization(data); - return deserializedObject != null ? (T) deserializedObject : null; - - } catch (final Exception e) { - log.warn("Generic request-data object can not be casted to requested type", e); - return null; - - } } log.info("Can not load generic request-data with key='null'"); return null; + } + + @Override + public final T getRawData(final String key, final Class clazz) { + try { + final Object deserializedObject = getRawData(key); + return deserializedObject != null ? (T) deserializedObject : null; + } catch (final Exception e) { + log.warn("Generic request-data object can not be casted to requested type", e); + return null; + } } @Override @@ -583,6 +577,7 @@ public abstract class RequestImpl implements IRequest, Serializable { } + @Override public final void removeRawDataFromTransaction(String key) { genericDataStorage.remove(key); @@ -595,7 +590,7 @@ public abstract class RequestImpl implements IRequest, Serializable { .clazzzType(object.getClass().getName()) .build()); - } catch (EaafJsonMapperException e) { + } catch (final EaafJsonMapperException e) { throw new EaafStorageException("Can no serialize object to JSON", e); } @@ -604,9 +599,9 @@ public abstract class RequestImpl implements IRequest, Serializable { private Object objectSaveJsonDeserialization(Object data) { try { if (data instanceof String) { - RawDataHolder holder = (RawDataHolder) DefaultJsonMapper.deserialize( + final RawDataHolder holder = (RawDataHolder) DefaultJsonMapper.deserialize( (String) data, RawDataHolder.class); - Class clz = Class.forName(holder.getClazzzType()); + final Class clz = Class.forName(holder.getClazzzType()); return DefaultJsonMapper.deserialize(holder.getObject(), clz); } else { -- cgit v1.2.3