From a6bc9002fe403bc080961db783f0977557afcbee Mon Sep 17 00:00:00 2001
From: Brian Major
Date: Thu, 3 Dec 2015 10:54:39 -0800
Subject: [PATCH] t72306 - More care to avoid null pointer in LoginServlet
---
 .../nrc/cadc/ac/server/web/LoginServlet.java | 50 +++++++++----------
 1 file changed, 23 insertions(+), 27 deletions(-)
diff --git a/projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/web/LoginServlet.java b/projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/web/LoginServlet.java
index 23ca9e40..000d552a 100755
--- a/projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/web/LoginServlet.java
+++ b/projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/web/LoginServlet.java
@@ -150,7 +150,17 @@ public class LoginServlet extends HttpServlet
 try
 {
 log.info(logInfo.start());
- String userID = request.getParameter("username").trim();
+ String userID = request.getParameter("username");
+ String password = request.getParameter("password");
+
+ if (userID == null)
+ throw new IllegalArgumentException("Missing username");
+ if (password == null)
+ throw new IllegalArgumentException("Missing password");
+
+ userID = userID.trim();
+ password = password.trim();
+
 String proxyUser = null;
 String[] fields = userID.split(PROXY_USER_DELIM);
 if (fields.length == 2 )
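Review bot: The null checks added here still let an empty or whitespace-only username or password reach `userPersistence.doLogin`, because the `StringUtil.hasText` guards that the second hunk removes are not replaced and both values can be `""` after `trim()`. If doLogin is backed by a directory simple bind (not visible on this page), an empty password is the case some servers treat as an unauthenticated bind, so the blank check should be kept next to the null check, e.g. `if (!StringUtil.hasText(password)) throw new IllegalArgumentException("Missing password");` and the same for `userID` after the proxy split. Separately, `password = password.trim();` changes the credential itself, which the old code never did; test for blankness without reassigning the trimmed value. The enclosing method starts and ends outside the hunk.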
@@ -159,33 +169,19 @@ public class LoginServlet extends HttpServlet
 userID = fields[1].trim();
 checkCanImpersonate(userID, proxyUser);
 }
- String password = request.getParameter("password");
- if (StringUtil.hasText(userID))
+ if ((StringUtil.hasText(proxyUser) &&
+ userPersistence.doLogin(proxyUser, password)) ||
+ (!StringUtil.hasText(proxyUser) &&
+ userPersistence.doLogin(userID, password)))
 {
- if (StringUtil.hasText(password))
- {
- if ((StringUtil.hasText(proxyUser) &&
- userPersistence.doLogin(proxyUser, password)) ||
- (!StringUtil.hasText(proxyUser) &&
- userPersistence.doLogin(userID, password)))
- {
- String token =
- new SSOCookieManager().generate(
- new HttpPrincipal(userID, proxyUser));
- response.setContentType(CONTENT_TYPE);
- response.setContentLength(token.length());
- response.getWriter().write(token);
- }
- }
- else
- {
- throw new IllegalArgumentException("Missing password");
- }
- }
- else
- {
- throw new IllegalArgumentException("Missing userid");
- }
+ String token =
+ new SSOCookieManager().generate(
+ new HttpPrincipal(userID, proxyUser));
+ response.setContentType(CONTENT_TYPE);
+ response.setContentLength(token.length());
+ response.getWriter().write(token);
+ }
+
 }
 catch (IllegalArgumentException e)
 {
-- 
GitLab
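Review bot: The flattened `if` has no `else`, so when `doLogin` returns false the `try` block ends without writing a body or setting a status. Unless doLogin always throws on bad credentials, or code after the catch clauses (outside this hunk) handles it, a failed login may reach the client as an empty success response. An explicit failure branch would make the outcome unambiguous, e.g. `else { response.setStatus(HttpServletResponse.SC_UNAUTHORIZED); }`. A short comment above the condition saying that the proxy user's password is the one verified while the token is issued for `userID` would also help the next reader, since that is the security-relevant decision in this block.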