setting paramName only when it is not null #6258
Conversation
|
@shabari004 Please sign the Contributor License Agreement! Click here to manually synchronize the status of this Pull Request. See the FAQ for frequently asked questions. |
|
@shabari004 Thank you for signing the Contributor License Agreement! |
There was a problem hiding this comment.
Thank you for the PR @shabari004!
- Can you please update the commit message to align with the Spring Security conventions? Specifically, please ensure you have
Fixes: gh-6223 - Can you please add a test? You should be able to
- Remove
superfrom here - In the test extend
MethodSecurityEvaluationContextand overridesetVariablemethod to throw an Exception if a null value is passed in.
- Remove
rwinch
added
the
status: waiting-for-feedback
|
Hi @rwinch
|
|
Thanks for the feedback. It is probably best to just include the files in the PR. We can modify them as needed. That makes it easier to review and provide feedback. For the tests:
|
|
I created the test cases as you mentioned. can you review it please. Thank you. |
There was a problem hiding this comment.
Thanks! The code/tests look good.
- I have a few stylistic comments inline that need fixed.
- Can you please squash your commits?
- Can you please update the commit message to align with the Spring Security conventions? Specifically can you ensure to have a meaningful subject and
Fixes: gh-17565at the end of the commit message?
| ParameterNameDiscoverer paramNameDiscoverer = mock(ParameterNameDiscoverer.class); | ||
| when(paramNameDiscoverer.getParameterNames(method)).thenReturn( new String[] {null}); | ||
|
|
||
| NotNullVariableMethodSecurityEvaluationContext NNVMSEC= new NotNullVariableMethodSecurityEvaluationContext(mock(Authentication.class), mock(MethodInvocation.class), paramNameDiscoverer); |
There was a problem hiding this comment.
We don't use all caps unless it is a final member variable. You could rename this to something like Context
| when(paramNameDiscoverer.getParameterNames(method)).thenReturn( new String[] {null}); | ||
|
|
||
| NotNullVariableMethodSecurityEvaluationContext NNVMSEC= new NotNullVariableMethodSecurityEvaluationContext(mock(Authentication.class), mock(MethodInvocation.class), paramNameDiscoverer); | ||
| try { |
There was a problem hiding this comment.
There is no need need for this try/catch since it would fail with an uncaught exception
| * @author shabarijonnalagadda | ||
| * | ||
| */ | ||
| public class MethodSecurityEvaluationContextTests{ |
There was a problem hiding this comment.
Try to pay attention to whitespace (i.e. add a space so it isMethodSecurityEvaluationContextTests {)
| @Mock | ||
| private Method method; | ||
|
|
||
| public static class NotNullVariableMethodSecurityEvaluationContext extends MethodSecurityEvaluationContext { |
There was a problem hiding this comment.
Just a few style guides to be consistent with our code base.
- Place the static class below the method that uses it
- Do not make the class public (you can make it private or package private)
- Fix the whitespace (there are extra spaces in the declaration above)
.../springframework/security/access/expression/method/MethodSecurityEvaluationContextTests.java
Outdated
Show resolved
Hide resolved
…not null before calling setVariable Fixes: 17565 adding Junit test MethodSecurityEvaluationContext setVariable Fixes: spring-projectsgh-6223 Update MethodSecurityEvaluationContextTests.java changing the code to be consistent with the existing code base.
…ethodSecurityEvaluationContext should check Parameter Names are not null Fixes:17565
|
@rwinch i think i lost it, is there anyway somebody can work on this bug. I think i dont have enough knowledge, Thanks for guidance till this point. |
@rwinch @shabari004 I would like to take it forward. |
|
Here is new pull request for the issue: |
rwinch
removed
the
status: waiting-for-feedback
|
@shabari004 Thanks for following up. I will proceed with #6332 |
#checking whether paramNames[i] is null, if it is not null then only we call StandardEvaluationContext.setVariable method