From d5a6ea044d0fc9f723e1dc276f0cfc3041055c01 Mon Sep 17 00:00:00 2001
From: Francois Beausoleil
Date: Wed, 19 May 2004 12:34:52 +0000
Subject: [PATCH] =?UTF-8?q?Implemented=20a=20fix=20for=20a=20NullPointerEx?= =?UTF-8?q?ception=20as=20reported=20by=20Pierre-Antoine=20Gr=EF=BF=BDgoir?= =?UTF-8?q?e=20(pa.gregoire@free.fr)=20"The=20error=20comes=20from=20line?= =?UTF-8?q?=20115=20in=20AuthorizeTag....It=20seems=20there's=20no=20contr?= =?UTF-8?q?ol=20for=20a=20null=20value=20here..."?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
* test/net/sf/acegisecurity/taglibs/authz/AuthorizeTagTests.java: Added a new test to confirm the existence of the bug. * src/net/sf/acegisecurity/taglibs/authz/AuthorizeTag.java: And fixed the failing test.
---
 .../org/acegisecurity/taglibs/authz/AuthorizeTag.java | 4 ++++
 .../acegisecurity/taglibs/authz/AuthorizeTagTests.java | 9 +++++++++
 2 files changed, 13 insertions(+)
diff --git a/core/src/main/java/org/acegisecurity/taglibs/authz/AuthorizeTag.java b/core/src/main/java/org/acegisecurity/taglibs/authz/AuthorizeTag.java
index 87c9b453ae..92d1f304d5 100644
--- a/core/src/main/java/org/acegisecurity/taglibs/authz/AuthorizeTag.java
+++ b/core/src/main/java/org/acegisecurity/taglibs/authz/AuthorizeTag.java
@@ -112,6 +112,10 @@ public class AuthorizeTag extends TagSupport {
 Authentication currentUser = context.getAuthentication();
+ if (null == currentUser) {
+ return Collections.EMPTY_LIST;
+ }
+
 Collection granted = Arrays.asList(currentUser.getAuthorities());
 return granted;
diff --git a/core/src/test/java/org/acegisecurity/taglibs/authz/AuthorizeTagTests.java b/core/src/test/java/org/acegisecurity/taglibs/authz/AuthorizeTagTests.java
index ee77d641aa..ee94db8194 100644
--- a/core/src/test/java/org/acegisecurity/taglibs/authz/AuthorizeTagTests.java
+++ b/core/src/test/java/org/acegisecurity/taglibs/authz/AuthorizeTagTests.java
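Review bot: The new guard in AuthorizeTag.java covers a null `Authentication`, but `Arrays.asList(currentUser.getAuthorities())` on the line after it still throws if an implementation returns a null authorities array, so the same NullPointerException can recur for a principal that is present but carries no authorities. Reading the array into a local and guarding it too would close that gap, e.g. `GrantedAuthority[] held = currentUser.getAuthorities();` followed by `if (null == held) { return Collections.EMPTY_LIST; }`. A short comment above the guard would also record the intent, for instance `// No Authentication in the context: report no granted authorities so role checks are evaluated against an empty set`. The enclosing method starts and ends outside the hunk, so whether `context` itself can be null is not visible here.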
@@ -42,6 +42,15 @@ public class AuthorizeTagTests extends TestCase {
 //~ Methods ================================================================
+ public void testAlwaysReturnsUnauthorizedIfNoUserFound()
+ throws JspException {
+ context.setAuthentication(null);
+
+ authorizeTag.setIfAllGranted("ROLE_TELLER");
+ assertEquals("prevents request - no principal in Context",
+ Tag.SKIP_BODY, authorizeTag.doStartTag());
+ }
+
 public void testDefaultsToNotOutputtingBodyWhenNoRequiredAuthorities() throws JspException {
 assertEquals("", authorizeTag.getIfAllGranted());
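Review bot: The test name says "always", but `testAlwaysReturnsUnauthorizedIfNoUserFound` exercises only the `ifAllGranted` attribute, so the no-principal behaviour of the tag's other attributes is left unpinned. A sibling case using `authorizeTag.setIfAnyGranted("ROLE_TELLER");` with the same `Tag.SKIP_BODY` expectation would cover the other positive check. The negative check deserves its own case with an explicitly chosen expectation: with an empty authority set, `setIfNotGranted("ROLE_TELLER")` would presumably evaluate as satisfied and render the body to a request that has no principal, and the test should state whether that is intended. The test also leaves `context` holding a null authentication; `context` is set up outside the hunk, so confirm that setUp re-initialises it for each test.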