  1. JBoss Enterprise Application Platform
  2. JBEAP-8504

Coverity static analysis: Dereference null return value in ServerAuthenticationContext (Elytron)


      A Coverity static-analysis scan found a possible dereference of a null return value in the following code:

      ServerAuthenticationContext.java
      if (log.isTraceEnabled()) {
          log.tracef("Authorizing principal %s.", authenticationPrincipal.getName());
          log.tracef("Authorizing against the following attributes: %s => %s",
                  authorizationIdentity.getAttributes().keySet(), authorizationIdentity.getAttributes().values());
      }
      

      Coverity supposes a null value could get here via AggregateSecurityRealm.Identity.getAuthorizationIdentity calling TokenSecurityRealm.TokenRealmIdentity.getAuthorizationIdentity:

      TokenRealmIdentity.java
      @Override
      public AuthorizationIdentity getAuthorizationIdentity() throws RealmUnavailableException {
          if (exists()) {
              return new AuthorizationIdentity() {
                  @Override
                  public Attributes getAttributes() {
                      return claims;
                  }
              };
          }

          return null;
      }


      https://scan7.coverity.com/reports.htm#v23632/p11778/fileInstanceId=8553790&defectInstanceId=2139010&mergedDefectId=1397421&eventId=2139010-2
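
      The reported path, reduced to a stand-alone sketch. This is an added example, not Elytron code and not the project's fix: the interfaces, method names and claims below are hypothetical stand-ins for the types named in the report. It shows that the dereference only fails when trace logging is enabled and the delegated identity does not exist, and one way a caller can check the return value first.

```java
import java.util.Map;

public class NullIdentityDemo {
    // Hypothetical stand-ins for the types named in the report (not the Elytron API).
    interface AuthorizationIdentity { Map<String, String> getAttributes(); }
    interface RealmIdentity { AuthorizationIdentity getAuthorizationIdentity(); }

    // Same shape as the token realm identity above: null when the identity does not exist.
    static RealmIdentity tokenIdentity(Map<String, String> claims) {
        return () -> {
            if (claims == null) return null;   // stands in for !exists()
            return () -> claims;
        };
    }

    // Aggregate identity that delegates authorization and passes the null straight through.
    static RealmIdentity aggregate(RealmIdentity authorizationSide) {
        return authorizationSide::getAuthorizationIdentity;
    }

    // Flagged shape: the return value is dereferenced only inside the trace branch.
    static String authorizeUnchecked(RealmIdentity id, boolean traceEnabled) {
        AuthorizationIdentity authz = id.getAuthorizationIdentity();
        if (traceEnabled) {
            return "trace: attributes " + authz.getAttributes().keySet();
        }
        return "authorized without trace";
    }

    // Checked shape: a missing authorization identity is rejected before any use.
    static String authorizeChecked(RealmIdentity id, boolean traceEnabled) {
        AuthorizationIdentity authz = id.getAuthorizationIdentity();
        if (authz == null) {
            return "rejected: no authorization identity";
        }
        return traceEnabled ? "trace: attributes " + authz.getAttributes().keySet()
                            : "authorized without trace";
    }

    public static void main(String[] args) {
        RealmIdentity missing = aggregate(tokenIdentity(null));
        RealmIdentity present = aggregate(tokenIdentity(Map.of("sub", "alice"))); // constructed claims
        System.out.println(authorizeChecked(present, true));
        System.out.println(authorizeChecked(missing, true));
        System.out.println(authorizeUnchecked(missing, false)); // defect stays hidden with trace off
        try {
            authorizeUnchecked(missing, true);
        } catch (NullPointerException e) {
            System.out.println("unchecked path with trace on: NullPointerException");
        }
    }
}
```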

              rhn-support-ivassile Ilia Vassilev
              mchoma@redhat.com Martin Choma