-
Bug
-
Resolution: Done
-
Critical
-
None
-
None
-
None
Coverity found possible dereference of null.
executePrincipalQuery() can return null and credential.matches() is called without check
JdbcSecurityRealm.java
@Override 156 public <C extends Credential> C getCredential(final Class<C> credentialType, final String algorithmName, final AlgorithmParameterSpec parameterSpec) throws RealmUnavailableException { 157 Assert.checkNotNullParam("credentialType", credentialType); 158 for (QueryConfiguration configuration : JdbcSecurityRealm.this.queryConfiguration) { 159 for (KeyMapper keyMapper : configuration.getColumnMappers(KeyMapper.class)) { 160 if (keyMapper.getCredentialAcquireSupport(credentialType, algorithmName, parameterSpec).mayBeSupported()) { 161 final Credential credential = executePrincipalQuery(configuration, r -> keyMapper.map(r, providers)); 162 if (credential.matches(credentialType, algorithmName, parameterSpec)) { 163 return credentialType.cast(credential); 164 } 165 } 166 } 167 } 168 169 return null; 170 }
- clones
-
JBEAP-11424 Coverity, Dereference null return value, JdbcSecurityRealm (Elytron)
- Closed