Kuali Rice Development / KULRICE-6320

Allow passing in null PermissionDetails when having to perform generic permission match

    Details

    • Type: Bug Fix
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 2.0.0-b4, 2.0
    • Component/s: Development
    • Security Level: Public (Public: Anyone can view)
    • Labels:
      None
    • Similar issues:
      KULRICE-6349: Allow passing in null qualification while performing authorization checks
      KULRICE-7566: Should consider if a principal should be allowed to have a null principal name
      KULRICE-7263: Passing Collections.emptyMap() as role qualifier causes failures in KIM
      KULRICE-7612: Update core and location services to not throw exceptions when passed null arguments
      KULRICE-6980: KIM update API not allowing updates unless version number is passed
      KULRICE-3984: Cancel Document permission does not work
      KULRICE-8252: Permission check for super user tab seems to be using the wrong namespace
      KULRICE-4082: Kim Permission document isn't able to edit permissions with KimType of 10 because it can't find the ParameterDetailType matching the namespace and componentName.
      KULRICE-12842: RoleDaoJdbc generating wrong SQL when null qualifier passed in.
      KULRICE-8844: KualiDocumentFormBase permission checks are more expensive than they have to be
    • Rice Module:
      KIM
    • Application Requirement:
      Rice
    • KAI Review Status:
      Not Required
    • KTI Review Status:
      Not Required

      Description

      Even though null permissionDetails is a valid input for PermissionService.getMatchingPermissions method, calling apps are forced to send a not-null argument.

      See relevant code below:

      protected List<Permission> getMatchingPermissions( List<PermissionBo> permissions, Map<String, String> permissionDetails ) {
          List<Permission> applicablePermissions = new ArrayList<Permission>();
          if ( permissionDetails == null || permissionDetails.isEmpty() ) {
              // if no details passed, assume that all match
              .....
              .....
          }

        Activity

        Chitra Chandran added a comment -

        Exception stacktrace thrown by the incomingParamCheck method even when null is a valid input:

        2011-12-09 11:42:15,682 [qtp446717346-116] D: U:10000000001 [127.0.0.1] ERROR org.kuali.rice.kns.web.struts.form.pojo.StrutsExceptionIncidentHandler :: Exception being handled by Exception Handler
        org.kuali.rice.core.api.exception.RiceIllegalArgumentException: permissionDetails was null
        at org.kuali.rice.kim.impl.permission.PermissionServiceImpl.incomingParamCheck(PermissionServiceImpl.java:674)
        at org.kuali.rice.kim.impl.permission.PermissionServiceImpl.isAuthorized(PermissionServiceImpl.java:117)
        at sun.reflect.GeneratedMethodAccessor359.invoke(Unknown Source)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
        at java.lang.reflect.Method.invoke(Method.java:597)
        at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:318)
        at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:196)
        at $Proxy108.isAuthorized(Unknown Source)
        at org.kuali.kra.service.impl.KraAuthorizationServiceImpl.hasPermission(KraAuthorizationServiceImpl.java:134)
        at org.kuali.kra.proposaldevelopment.document.authorizer.ProposalAuthorizer.hasProposalPermission(ProposalAuthorizer.java:68)
        at org.kuali.kra.proposaldevelopment.document.authorizer.BasicProposalAuthorizer.isAuthorized(BasicProposalAuthorizer.java:42)
        at org.kuali.kra.proposaldevelopment.document.authorizer.ProposalAuthorizer.isAuthorized(ProposalAuthorizer.java:40)
        at org.kuali.kra.service.impl.TaskAuthorizationServiceImpl.isAuthorized(TaskAuthorizationServiceImpl.java:66)
        at sun.reflect.GeneratedMethodAccessor310.invoke(Unknown Source)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
        at java.lang.reflect.Method.invoke(Method.java:597)
        at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:318)
        at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:183)
        at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:150)
        at org.springframework.transaction.interceptor.TransactionInterceptor.invoke(TransactionInterceptor.java:110)
        at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)
        at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:202)
        at $Proxy208.isAuthorized(Unknown Source)
        at org.kuali.kra.proposaldevelopment.document.authorization.ProposalDevelopmentDocumentAuthorizer.canExecuteProposalTask(ProposalDevelopmentDocumentAuthorizer.java:220)
        at org.kuali.kra.proposaldevelopment.document.authorization.ProposalDevelopmentDocumentAuthorizer.canExecuteTask(ProposalDevelopmentDocumentAuthorizer.java:207)
        at org.kuali.kra.proposaldevelopment.document.authorization.ProposalDevelopmentDocumentAuthorizer.setPermissions(ProposalDevelopmentDocumentAuthorizer.java:157)
        at org.kuali.kra.proposaldevelopment.document.authorization.ProposalDevelopmentDocumentAuthorizer.getEditModes(ProposalDevelopmentDocumentAuthorizer.java:72)
        at org.kuali.kra.web.struts.action.KraTransactionalDocumentActionBase.populateAuthorizationFields(KraTransactionalDocumentActionBase.java:493)
        at org.kuali.rice.kns.web.struts.action.KualiDocumentActionBase.execute(KualiDocumentActionBase.java:205)
        at org.kuali.kra.web.struts.action.KraTransactionalDocumentActionBase.execute(KraTransactionalDocumentActionBase.java:146)
        at org.kuali.kra.proposaldevelopment.web.struts.action.ProposalDevelopmentAction.execute(ProposalDevelopmentAction.java:228)
        at org.kuali.kra.proposaldevelopment.web.struts.action.ProposalDevelopmentProposalAction.execute(ProposalDevelopmentProposalAction.java:124)
        at org.kuali.rice.kns.web.struts.action.KualiRequestProcessor.processActionPerform(KualiRequestProcessor.java:527)
        at org.kuali.kra.web.struts.action.KraRequestProcessor.processActionPerform(KraRequestProcessor.java:74)
        at org.kuali.rice.kns.web.struts.action.KualiRequestProcessor$1.doInTransaction(KualiRequestProcessor.java:248)
        at org.springframework.transaction.support.TransactionTemplate.execute(TransactionTemplate.java:130)
        at org.kuali.rice.kns.web.struts.action.KualiRequestProcessor.processFormActionAndForward(KualiRequestProcessor.java:209)
        at org.kuali.rice.kns.web.struts.action.KualiRequestProcessor.strutsProcess(KualiRequestProcessor.java:202)
        at org.kuali.rice.kns.web.struts.action.KualiRequestProcessor.process(KualiRequestProcessor.java:89)
        at org.apache.struts.action.ActionServlet.process(ActionServlet.java:1913)
        at org.apache.struts.action.ActionServlet.doPost(ActionServlet.java:462)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:727)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:820)
        at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:538)
        at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1352)
        at org.kuali.kra.web.filter.RequestLoggingFilter.doFilter(RequestLoggingFilter.java:97)
        at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1323)
        at org.kuali.rice.kew.web.UserLoginFilter.doFilter(UserLoginFilter.java:88)
        at org.kuali.rice.kew.web.UserLoginFilter.doFilter(UserLoginFilter.java:76)
        at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1323)
        at org.kuali.rice.kew.web.BootstrapFilterChain.doFilter(BootstrapFilter.java:271)
        at org.kuali.rice.kew.web.DummyLoginFilter.doFilter(DummyLoginFilter.java:96)
        at org.kuali.rice.kew.web.DummyLoginFilter.doFilter(DummyLoginFilter.java:55)
        at org.kuali.rice.kew.web.BootstrapFilterChain.doFilter(BootstrapFilter.java:264)
        at org.kuali.rice.kew.web.BootstrapFilter.doFilter(BootstrapFilter.java:162)
        at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1323)
        at org.kuali.kra.web.filter.PerformanceLoggingFilter.doFilter(PerformanceLoggingFilter.java:73)
        at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1323)
        at org.kuali.kra.web.filter.SessionExpiredFilter.doFilter(SessionExpiredFilter.java:46)
        at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1323)
        at org.displaytag.filter.ResponseOverrideFilter.doFilter(ResponseOverrideFilter.java:125)
        at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1323)
        at org.kuali.rice.krad.web.filter.HideWebInfFilter.doFilter(HideWebInfFilter.java:69)
        at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1323)
        at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:476)
        at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:119)
        at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:517)
        at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:225)
        at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:937)
        at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:406)
        at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:183)
        at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:871)
        at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:117)
        at org.eclipse.jetty.server.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:247)
        at org.eclipse.jetty.server.handler.HandlerCollection.handle(HandlerCollection.java:149)
        at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:110)
        at org.eclipse.jetty.server.Server.handle(Server.java:346)
        at org.eclipse.jetty.server.HttpConnection.handleRequest(HttpConnection.java:589)
        at org.eclipse.jetty.server.HttpConnection$RequestHandler.content(HttpConnection.java:1065)
        at org.eclipse.jetty.http.HttpParser.parseNext(HttpParser.java:823)
        at org.eclipse.jetty.http.HttpParser.parseAvailable(HttpParser.java:220)
        at org.eclipse.jetty.server.HttpConnection.handle(HttpConnection.java:411)
        at org.eclipse.jetty.io.nio.SelectChannelEndPoint.handle(SelectChannelEndPoint.java:535)
        at org.eclipse.jetty.io.nio.SelectChannelEndPoint$1.run(SelectChannelEndPoint.java:40)
        at org.eclipse.jetty.util.thread.QueuedThreadPool$3.run(QueuedThreadPool.java:529)
        at java.lang.Thread.run(Thread.java:662)

        Chitra Chandran added a comment -

        PermissionService methods listed below all internally call getMatchingPermissions which anticipates and handles null input for permissionDetails. Yet, all of these methods check for not-null value for it even when they all use it just for passing it to getMatchingPermissions method.

        getAuthorizedPermissions(String, String, String, Map<String, String>, Map<String, String>)
        getAuthorizedPermissionsByTemplateName(String, String, String, Map<String, String>, Map<String, String>)
        getRoleIdsForPermission(String, String, Map<String, String>)
        getRoleIdsForPermissionTemplate(String, String, Map<String, String>)
        isPermissionDefined(String, String, Map<String, String>)
        isPermissionDefinedByTemplateName(String, String, Map<String, String>)
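
The mismatch described in this comment, as an added illustration that is not Rice source code: a public entry point that rejects null details next to a helper that treats null as a generic match. The class, the Perm record, the sample permissions and the matching rule are hypothetical, and the relaxed method is only an assumed shape for such a fix.

```java
import java.util.ArrayList;
import java.util.List;
import java.util.Map;

// Simplified, hypothetical model of the behaviour in this issue; not Rice source code.
public class NullDetailsDemo {
    // Stand-in for a stored permission and its detail attributes.
    record Perm(String name, Map<String, String> details) {}

    // Constructed sample data.
    static final List<Perm> STORE = List.of(
        new Perm("Modify Proposal", Map.of("documentTypeName", "ProposalDevelopmentDocument")),
        new Perm("Modify Proposal", Map.of("documentTypeName", "AwardDocument")));

    static List<Perm> byName(String name) {
        List<Perm> out = new ArrayList<>();
        for (Perm p : STORE) if (p.name().equals(name)) out.add(p);
        return out;
    }

    // Same contract as the helper quoted in the description: no details means all match.
    static List<Perm> getMatchingPermissions(List<Perm> perms, Map<String, String> details) {
        if (details == null || details.isEmpty()) return new ArrayList<>(perms);
        List<Perm> out = new ArrayList<>();
        for (Perm p : perms) {
            // A permission applies when every requested detail equals its stored value.
            if (p.details().entrySet().containsAll(details.entrySet())) out.add(p);
        }
        return out;
    }

    static void requireNotBlank(String value, String label) {
        if (value == null || value.trim().isEmpty()) {
            throw new IllegalArgumentException(label + " was blank");
        }
    }

    // Reported behaviour: the entry point rejects null before the helper ever sees it.
    static boolean isPermissionDefinedStrict(String name, Map<String, String> details) {
        requireNotBlank(name, "permissionName");
        if (details == null) throw new IllegalArgumentException("permissionDetails was null");
        return !getMatchingPermissions(byName(name), details).isEmpty();
    }

    // Assumed shape of the relaxed check: identifiers stay mandatory, details may be null.
    static boolean isPermissionDefined(String name, Map<String, String> details) {
        requireNotBlank(name, "permissionName");
        return !getMatchingPermissions(byName(name), details).isEmpty();
    }

    public static void main(String[] args) {
        try {
            isPermissionDefinedStrict("Modify Proposal", null);
        } catch (IllegalArgumentException e) {
            System.out.println("strict: " + e.getMessage());
        }
        System.out.println("relaxed, null details: " + isPermissionDefined("Modify Proposal", null));
        // null widens the match to every permission with that name.
        System.out.println("matched with null: "
            + getMatchingPermissions(byName("Modify Proposal"), null).size());
        System.out.println("matched with detail: " + getMatchingPermissions(
            byName("Modify Proposal"), Map.of("documentTypeName", "AwardDocument")).size());
    }
}
```

Because null details select every permission with the given name, a caller that passes null gets the broadest match the helper can return.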

        Chitra Chandran added a comment -

        Have committed the relevant change and tested against KC.

        Jessica Coltrin (Inactive) added a comment -

        Closing since these items are now in the release notes.


          People

          • Assignee:
            Chitra Chandran
            Reporter:
            Chitra Chandran