From 39c00dc42a005fd9c99bcc32d0fe10e01f6d8a87 Mon Sep 17 00:00:00 2001 From: Nico Verwer Date: Mon, 9 Jan 2023 13:38:08 +0100 Subject: [PATCH] [bugfix] guard against NPE in securitymanager fixes #4670 --- .../functions/securitymanager/IdFunction.java | 14 +++++++++----- 1 file changed, 9 insertions(+), 5 deletions(-) diff --git a/exist-core/src/main/java/org/exist/xquery/functions/securitymanager/IdFunction.java b/exist-core/src/main/java/org/exist/xquery/functions/securitymanager/IdFunction.java index 3d156836aa8..b52b280ffad 100644 --- a/exist-core/src/main/java/org/exist/xquery/functions/securitymanager/IdFunction.java +++ b/exist-core/src/main/java/org/exist/xquery/functions/securitymanager/IdFunction.java @@ -77,13 +77,17 @@ private org.exist.dom.memtree.DocumentImpl functionId() { builder.startElement(new QName("id", SecurityManagerModule.NAMESPACE_URI, SecurityManagerModule.PREFIX), null); - builder.startElement(new QName("real", SecurityManagerModule.NAMESPACE_URI, SecurityManagerModule.PREFIX), null); - subjectToXml(builder, context.getRealUser()); - builder.endElement(); + final Subject realUser = context.getRealUser(); + if (realUser != null) { + builder.startElement(new QName("real", SecurityManagerModule.NAMESPACE_URI, SecurityManagerModule.PREFIX), null); + subjectToXml(builder, realUser); + builder.endElement(); + } - if (!sameUserWithSameGroups(context.getRealUser(), context.getEffectiveUser())) { + final Subject effectiveUser = context.getEffectiveUser(); + if (effectiveUser != null && (realUser == null || !sameUserWithSameGroups(realUser, effectiveUser))) { builder.startElement(new QName("effective", SecurityManagerModule.NAMESPACE_URI, SecurityManagerModule.PREFIX), null); - subjectToXml(builder, context.getEffectiveUser()); + subjectToXml(builder, effectiveUser); builder.endElement(); }