t72306 - More care to avoid null pointer in LoginServlet

a6bc9002 · Brian Major · 0ef0b66e · a6bc9002
Commit a6bc9002 authored Dec 3, 2015 by Brian Major
--- a/projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/web/LoginServlet.java
+++ b/projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/web/LoginServlet.java
@@ -150,7 +150,17 @@ public class LoginServlet<T extends Principal> extends HttpServlet
        try
        {
            log.info(logInfo.start());
-            String userID = request.getParameter("username").trim();
+            String userID = request.getParameter("username");
+            String password = request.getParameter("password");
+
+            if (userID == null)
+                throw new IllegalArgumentException("Missing username");
+            if (password == null)
+                throw new IllegalArgumentException("Missing password");
+
+            userID = userID.trim();
+            password = password.trim();
+
            String proxyUser = null;
            String[] fields = userID.split(PROXY_USER_DELIM);
            if (fields.length == 2 )
@@ -159,11 +169,6 @@ public class LoginServlet<T extends Principal> extends HttpServlet
                userID = fields[1].trim();
                checkCanImpersonate(userID, proxyUser);
            }
-            String password = request.getParameter("password");
-            if (StringUtil.hasText(userID))
-            {
-                if (StringUtil.hasText(password))
-                {
            if ((StringUtil.hasText(proxyUser) &&
                    userPersistence.doLogin(proxyUser, password)) ||
                (!StringUtil.hasText(proxyUser) &&
@@ -176,16 +181,7 @@ public class LoginServlet<T extends Principal> extends HttpServlet
        	    response.setContentLength(token.length());
        	    response.getWriter().write(token);
        	}
-                }
-                else
-                {
-                	throw new IllegalArgumentException("Missing password");
-                }
-            }
-            else
-            {
-            	throw new IllegalArgumentException("Missing userid");
-            }
+
        }
        catch (IllegalArgumentException e)
        {