Spring Security / SEC-1519

Uninitialized auditLogger and aclAuthorizationStrategy fields in EhCacheBasedAclCache

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Complete
    • Affects Version/s: 3.0.3
    • Fix Version/s: 3.1.0.M1
    • Component/s: ACLs
    • Labels:
      None

      Description

      The "auditLogger" and "aclAuthorizationStrategy" fields of EhCacheBasedAclCache class are initialized by the first "putInCache" method call:
      ...
      if (this.aclAuthorizationStrategy == null) {
          if (acl instanceof AclImpl) {
              this.aclAuthorizationStrategy = (AclAuthorizationStrategy) FieldUtils.getProtectedFieldValue("aclAuthorizationStrategy", acl);
              this.auditLogger = (AuditLogger) FieldUtils.getProtectedFieldValue("auditLogger", acl);
          }
      }
      ...

      In a clustered EhCache environment, with cache configured for replication, the problem is that if you invoke "initializeTransientFields" (through getFromCache methods) on a node before any "putInCache", both fields are null so a NullPointerException is thrown similarly to SEC-1514.

      I think the solution is very simple: remove the initialization of "auditLogger" and "aclAuthorizationStrategy" from the "putInCache" method and use constructor (or method) injection of both properties.

        Activity

        Luke Taylor added a comment -

        Thanks for the report. As you suggest, I've added an extra constructor which takes the strategy references in addition to the cache object.

        I've marked the original one as deprecated for the time being.

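The failure mode discussed in this issue, as an added example that is not Spring Security code and does not come from the reporter or the assignee. All names (TransientFieldDemo, NodeCache, Acl, Strategy, usable) are hypothetical stand-ins, and a shared map of serialized bytes stands in for EhCache replication.

```java
import java.io.*;
import java.util.*;
// Simplified stand-ins for illustration; none of these are Spring Security or EhCache classes.
public class TransientFieldDemo {
    interface Strategy { void check(); }
    static class Acl implements Serializable {
        final String id;
        transient Strategy strategy;   // not serialized, so absent from a replicated copy
        Acl(String id, Strategy strategy) { this.id = id; this.strategy = strategy; }
    }

    static class NodeCache {
        private final Map<String, byte[]> store;   // shared map stands in for cache replication
        private Strategy strategy;
        NodeCache(Map<String, byte[]> store) { this.store = store; }   // lazy variant
        NodeCache(Map<String, byte[]> store, Strategy strategy) {      // injected variant
            this(store);
            this.strategy = strategy;
        }

        void put(Acl acl) throws IOException {
            if (strategy == null) strategy = acl.strategy;   // lazy capture on first put
            ByteArrayOutputStream buf = new ByteArrayOutputStream();
            try (ObjectOutputStream out = new ObjectOutputStream(buf)) { out.writeObject(acl); }
            store.put(acl.id, buf.toByteArray());
        }

        Acl get(String id) throws IOException, ClassNotFoundException {
            try (ObjectInputStream in = new ObjectInputStream(new ByteArrayInputStream(store.get(id)))) {
                Acl acl = (Acl) in.readObject();
                acl.strategy = this.strategy;   // re-attach the transient field from this node's state
                return acl;
            }
        }
    }

    static boolean usable(NodeCache node) throws Exception {
        try { node.get("acl-1").strategy.check(); return true; }
        catch (NullPointerException e) { return false; }
    }

    public static void main(String[] args) throws Exception {
        Strategy s = () -> { };
        Map<String, byte[]> replicated = new HashMap<>();
        new NodeCache(replicated).put(new Acl("acl-1", s));   // node A writes the entry
        System.out.println("lazy node B usable: " + usable(new NodeCache(replicated)));
        System.out.println("injected node B usable: " + usable(new NodeCache(replicated, s)));
    }
}
```

The node built without the strategy hits the NullPointerException on its first read of the replicated entry; the node given the strategy in its constructor does not.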

          People

          • Assignee:
            Luke Taylor
            Reporter:
            Gianni Ferrero
          • Votes:
            0
            Watchers:
            0

            Dates

            • Created:
              Updated:
              Resolved: