UserConverter NPE when User.authorizations() returns null
jpenglert opened this issue · 4 comments
Version
4.3.7
Context
UserImpl has a default constructor which does not initialize its authorizations field. The UserConverter class expects User.authorizations() to return a non-null value. If an instance of UserImpl is constructed using the default constructor and then later on serialized (since it implements ClusterSerializable) it will result in an NPE when it delegates serialization to UserConverter because UserConverter does not perform a null check.
I encountered this with the Pac4jUser class from org.pac4j:vertx-pac4j which extends UserImpl and implements the default constructor which leaves the authorizations field null. The VertxProfileManager from org.pac4j:vertx-pac4j uses the Pac4jUser default constructor.
Seems like UserConverter should check if User.authorizations() returns null before attempting to serialize it.
Do you have a reproducer?
UserConverter.encode(new UserImpl());
Steps to reproduce
- Run UserConverter.encode(new UserImpl()); in a unit test
Extra
I'll make a PR for this.
@pmlopes is it possible to get this in a 4.x release? This is blocking an upgrade of one of our microservices from 3.x -> 4.x
Fixed in #653
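
The failure mode reported in this issue, as an added example that is not part of the thread and is not Vert.x or pac4j code: the stand-in classes `BaseUser`, `SessionUser` and `Authz` are hypothetical and only model a default constructor that leaves the authorizations field null. Encoding null as "no authorizations" is an assumption made here, not a statement of what the fix in #653 does.

```java
import java.util.*;

// Stand-in types (hypothetical): they model the shape of the bug, not the real classes.
public class NullAuthorizationsDemo {

    static class Authz {
        final Map<String, Set<String>> byProvider = new LinkedHashMap<>();
    }

    static class BaseUser {
        Map<String, Object> principal;
        Authz authorizations;

        BaseUser() { }  // default constructor: authorizations stays null

        BaseUser(Map<String, Object> principal) {
            this.principal = principal;
            this.authorizations = new Authz();
        }
    }

    // Subclass that is only ever built through the default constructor.
    static class SessionUser extends BaseUser { }

    // Shared serializer body: dereferences authz, so a null argument throws.
    static Map<String, Object> encode(Map<String, Object> principal, Authz authz) {
        Map<String, Object> out = new LinkedHashMap<>();
        out.put("principal", principal);
        Map<String, List<String>> encoded = new LinkedHashMap<>();
        authz.byProvider.forEach((k, v) -> encoded.put(k, new ArrayList<>(v)));
        out.put("authorizations", encoded);
        return out;
    }

    // Before: trusts the getter to be non-null.
    static Map<String, Object> encodeUnchecked(BaseUser u) {
        return encode(u.principal, u.authorizations);
    }

    // After: null is treated as an empty set of authorizations (assumption).
    static Map<String, Object> encodeChecked(BaseUser u) {
        return encode(u.principal, u.authorizations == null ? new Authz() : u.authorizations);
    }

    public static void main(String[] args) {
        BaseUser u = new SessionUser();
        try { encodeUnchecked(u); }
        catch (NullPointerException e) { System.out.println("unchecked: NullPointerException"); }
        System.out.println("checked: " + encodeChecked(u));
    }
}
```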