fix possible npe on authentication, see issue #531

scm-webapp/src/main/java/sonia/scm/api/rest/IllegalArgumentExceptionMapper.java

@@ -0,0 +1,64 @@
+/**
+ * Copyright (c) 2010, Sebastian Sdorra All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer. 2. Redistributions in
+ * binary form must reproduce the above copyright notice, this list of
+ * conditions and the following disclaimer in the documentation and/or other
+ * materials provided with the distribution. 3. Neither the name of SCM-Manager;
+ * nor the names of its contributors may be used to endorse or promote products
+ * derived from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE FOR
+ * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+ * CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+ * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ * http://bitbucket.org/sdorra/scm-manager
+ *
+ */
+
+
+
+package sonia.scm.api.rest;
+
+//~--- JDK imports ------------------------------------------------------------
+
+import javax.ws.rs.core.Response;
+import javax.ws.rs.core.Response.Status;
+import javax.ws.rs.ext.ExceptionMapper;
+import javax.ws.rs.ext.Provider;
+
+/**
+ *
+ * @author Sebastian Sdorra
+ * @since 1.36
+ */
+@Provider
+public class IllegalArgumentExceptionMapper
+  implements ExceptionMapper<IllegalArgumentException>
+{
+
+  /**
+   * Method description
+   *
+   *
+   * @param exception
+   *
+   * @return
+   */
+  @Override
+  public Response toResponse(IllegalArgumentException exception)
+  {
+    return Response.status(Status.BAD_REQUEST).build();
+  }
+}

scm-webapp/src/main/java/sonia/scm/api/rest/resources/AuthenticationResource.java

@@ -35,6 +35,8 @@ package sonia.scm.api.rest.resources;
 
 //~--- non-JDK imports --------------------------------------------------------
 
+import com.google.common.base.Preconditions;
+import com.google.common.base.Strings;
 import com.google.common.collect.ImmutableList;
 import com.google.common.collect.ImmutableList.Builder;
 import com.google.inject.Inject;
@@ -153,6 +155,7 @@ public class AuthenticationResource
    * <br />
    * <ul>
    *   <li>200 success</li>
+   *   <li>400 bad request, required parameter is missing.</li>
    *   <li>401 unauthorized, the specified username or password is wrong</li>
    *   <li>500 internal server error</li>
    * </ul>
@@ -172,6 +175,11 @@ public class AuthenticationResource
     @FormParam("password") String password, @FormParam("rememberMe")
   @DefaultValue("false") boolean rememberMe)
   {
+    Preconditions.checkArgument(!Strings.isNullOrEmpty(username),
+      "username parameter is required");
+    Preconditions.checkArgument(!Strings.isNullOrEmpty(password),
+      "password parameter is required");
+
     Response response;
     Subject subject = SecurityUtils.getSubject();