Skip to:

  1. Skip to Jira Navigation
  2. Skip to Side Navigation
  3. Skip to Main Content

SakaiPersonManager.save can throw a NPE if no session has been established

Description

SakaiPersonManager.save can throw a NPE if no session has been established. This is because it uses a String.equals(String) to compare, which is not null safe and an NPE could be thrown when evaluating which causes a stack trace:

// if it is a user mutable record, ensure the user is updating their own record
if (!SessionManager.getCurrentSessionUserId().equals(sakaiPerson.getAgentUuid()) && !SecurityService.isSuperUser())
{
// AuthZ - Ensure the current user is updating their own record
if (!SessionManager.getCurrentSessionUserId().equals(sakaiPerson.getAgentUuid()))
throw new IllegalAccessError("You do not have permissions to update this record!");
}

2011-10-27 09:33:37,717 ERROR main org.sakaiproject.profile2.logic.SakaiProxyImpl - SakaiProxy.updateSakaiPerson(): Couldn't update SakaiPerson: class java.lang.NullPointerException : null
java.lang.NullPointerException
at org.sakaiproject.component.common.edu.person.SakaiPersonManagerImpl.save(SakaiPersonManagerImpl.java:302)

is depended on by

Activity

Show:

Hudson CI Server October 26, 2011 at 4:09 PM

Integrated in common trunk #339 (See http://builds.sakaiproject.org:8080/job/common%20trunk/339/)
fix possible NPE if no session has been established by changing the string equals logic to use StringUtils which is null safe.

Steve Swinsburg October 26, 2011 at 3:56 PM

r100185

Fixed

Details

Priority

Affects versions

Fix versions

Components

Assignee

Reporter

Created October 26, 2011 at 3:51 PM
Updated December 5, 2012 at 1:45 AM
Resolved October 26, 2011 at 3:56 PM