[JBoss JIRA] (WFLY-6536) AdvancedLdapLoginModule authentication fails when some part of DN is part of LDAP URL
by Ondrej Lukas (JIRA)
[ https://issues.jboss.org/browse/WFLY-6536?page=com.atlassian.jira.plugin.... ]
Ondrej Lukas updated WFLY-6536:
-------------------------------
Affects Version/s: 10.0.0.Final
> AdvancedLdapLoginModule authentication fails when some part of DN is part of LDAP URL
> -------------------------------------------------------------------------------------
>
> Key: WFLY-6536
> URL: https://issues.jboss.org/browse/WFLY-6536
> Project: WildFly
> Issue Type: Bug
> Components: Security
> Affects Versions: 10.0.0.Final
> Reporter: Ondrej Lukas
> Assignee: Darran Lofthouse
>
> In case when part of the DN is placed in the LDAP URL instead of baseCtxDN, authentication fails in AdvancedLdapLoginModule (see [1] for details about this URL). Authentication is performed by binding with the user DN and password, but in this case the user DN does not include the DN part from the LDAP URL, which leads to failure.
> Thrown exception:
> {code}
> javax.naming.AuthenticationException: LDAP: error code 49 - INVALID_CREDENTIALS: Bind failed: ERR_229 Cannot authenticate user uid=jduke,ou=People
> com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3135)
> com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:3081)
> com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2883)
> com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2797)
> com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:319)
> com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:192)
> com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:210)
> com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:153)
> com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:83)
> org.jboss.as.naming.InitialContext.getDefaultInitCtx(InitialContext.java:114)
> org.jboss.as.naming.InitialContext.init(InitialContext.java:99)
> javax.naming.ldap.InitialLdapContext.<init>(InitialLdapContext.java:154)
> org.jboss.as.naming.InitialContext.<init>(InitialContext.java:89)
> org.jboss.as.naming.InitialContextFactory.getInitialContext(InitialContextFactory.java:43)
> javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:684)
> javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:313)
> javax.naming.InitialContext.init(InitialContext.java:244)
> javax.naming.ldap.InitialLdapContext.<init>(InitialLdapContext.java:154)
> org.jboss.security.negotiation.AdvancedLdapLoginModule.constructLdapContext(AdvancedLdapLoginModule.java:486)
> org.jboss.security.negotiation.AdvancedLdapLoginModule.authenticate(AdvancedLdapLoginModule.java:669)
> org.jboss.security.negotiation.AdvancedLdapLoginModule.innerLogin(AdvancedLdapLoginModule.java:397)
> org.jboss.security.negotiation.AdvancedLdapLoginModule$AuthorizeAction.run(AdvancedLdapLoginModule.java:967)
> org.jboss.security.negotiation.AdvancedLdapLoginModule.login(AdvancedLdapLoginModule.java:326)
> sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> ...
> {code}
> [1] https://tools.ietf.org/html/rfc2255
--
This message was sent by Atlassian JIRA
(v6.4.11#64026)
[JBoss JIRA] (WFLY-6536) AdvancedLdapLoginModule authentication fails when some part of DN is part of LDAP URL
by Ondrej Lukas (JIRA)
Ondrej Lukas created WFLY-6536:
----------------------------------
Summary: AdvancedLdapLoginModule authentication fails when some part of DN is part of LDAP URL
Key: WFLY-6536
URL: https://issues.jboss.org/browse/WFLY-6536
Project: WildFly
Issue Type: Bug
Components: Security
Reporter: Ondrej Lukas
Assignee: Darran Lofthouse
In case when part of the DN is placed in the LDAP URL instead of baseCtxDN, authentication fails in AdvancedLdapLoginModule (see [1] for details about this URL). Authentication is performed by binding with the user DN and password, but in this case the user DN does not include the DN part from the LDAP URL, which leads to failure.
Thrown exception:
{code}
javax.naming.AuthenticationException: LDAP: error code 49 - INVALID_CREDENTIALS: Bind failed: ERR_229 Cannot authenticate user uid=jduke,ou=People
com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3135)
com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:3081)
com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2883)
com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2797)
com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:319)
com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:192)
com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:210)
com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:153)
com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:83)
org.jboss.as.naming.InitialContext.getDefaultInitCtx(InitialContext.java:114)
org.jboss.as.naming.InitialContext.init(InitialContext.java:99)
javax.naming.ldap.InitialLdapContext.<init>(InitialLdapContext.java:154)
org.jboss.as.naming.InitialContext.<init>(InitialContext.java:89)
org.jboss.as.naming.InitialContextFactory.getInitialContext(InitialContextFactory.java:43)
javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:684)
javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:313)
javax.naming.InitialContext.init(InitialContext.java:244)
javax.naming.ldap.InitialLdapContext.<init>(InitialLdapContext.java:154)
org.jboss.security.negotiation.AdvancedLdapLoginModule.constructLdapContext(AdvancedLdapLoginModule.java:486)
org.jboss.security.negotiation.AdvancedLdapLoginModule.authenticate(AdvancedLdapLoginModule.java:669)
org.jboss.security.negotiation.AdvancedLdapLoginModule.innerLogin(AdvancedLdapLoginModule.java:397)
org.jboss.security.negotiation.AdvancedLdapLoginModule$AuthorizeAction.run(AdvancedLdapLoginModule.java:967)
org.jboss.security.negotiation.AdvancedLdapLoginModule.login(AdvancedLdapLoginModule.java:326)
sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
...
{code}
[1] https://tools.ietf.org/html/rfc2255
[JBoss JIRA] (WFLY-6535) LdapLoginModule authentication fails when some part of DN is part of LDAP URL
by Ondrej Lukas (JIRA)
Ondrej Lukas created WFLY-6535:
----------------------------------
Summary: LdapLoginModule authentication fails when some part of DN is part of LDAP URL
Key: WFLY-6535
URL: https://issues.jboss.org/browse/WFLY-6535
Project: WildFly
Issue Type: Bug
Components: Security
Reporter: Ondrej Lukas
Assignee: Darran Lofthouse
In case when part of the DN is placed in the LDAP URL instead of principalDNSuffix, authentication fails in LdapLoginModule (see [1] for details about this URL). Authentication is performed by binding with the user DN and password, but in this case the user DN does not include the DN part from the LDAP URL, which leads to failure.
Thrown exception:
{code}
javax.naming.AuthenticationException: LDAP: error code 49 - INVALID_CREDENTIALS: Bind failed: ERR_229 Cannot authenticate user uid=jduke,ou=People
com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3135)
com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:3081)
com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2883)
com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2797)
com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:319)
com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:192)
com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:210)
com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:153)
com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:83)
org.jboss.as.naming.InitialContext.getDefaultInitCtx(InitialContext.java:114)
org.jboss.as.naming.InitialContext.init(InitialContext.java:99)
javax.naming.ldap.InitialLdapContext.<init>(InitialLdapContext.java:154)
org.jboss.as.naming.InitialContext.<init>(InitialContext.java:89)
org.jboss.as.naming.InitialContextFactory.getInitialContext(InitialContextFactory.java:43)
javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:684)
javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:313)
javax.naming.InitialContext.init(InitialContext.java:244)
javax.naming.ldap.InitialLdapContext.<init>(InitialLdapContext.java:154)
org.jboss.security.auth.spi.LdapLoginModule.createLdapInitContext(LdapLoginModule.java:362)
org.jboss.security.auth.spi.LdapLoginModule.validatePassword(LdapLoginModule.java:289)
org.jboss.security.auth.spi.UsernamePasswordLoginModule.login(UsernamePasswordLoginModule.java:283)
sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
...
{code}
[1] https://tools.ietf.org/html/rfc2255
[JBoss JIRA] (WFLY-6535) LdapLoginModule authentication fails when some part of DN is part of LDAP URL
by Ondrej Lukas (JIRA)
[ https://issues.jboss.org/browse/WFLY-6535?page=com.atlassian.jira.plugin.... ]
Ondrej Lukas updated WFLY-6535:
-------------------------------
Affects Version/s: 10.0.0.Final
> LdapLoginModule authentication fails when some part of DN is part of LDAP URL
> -----------------------------------------------------------------------------
>
> Key: WFLY-6535
> URL: https://issues.jboss.org/browse/WFLY-6535
> Project: WildFly
> Issue Type: Bug
> Components: Security
> Affects Versions: 10.0.0.Final
> Reporter: Ondrej Lukas
> Assignee: Darran Lofthouse
>
> In case when part of the DN is placed in the LDAP URL instead of principalDNSuffix, authentication fails in LdapLoginModule (see [1] for details about this URL). Authentication is performed by binding with the user DN and password, but in this case the user DN does not include the DN part from the LDAP URL, which leads to failure.
> Thrown exception:
> {code}
> javax.naming.AuthenticationException: LDAP: error code 49 - INVALID_CREDENTIALS: Bind failed: ERR_229 Cannot authenticate user uid=jduke,ou=People
> com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3135)
> com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:3081)
> com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2883)
> com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2797)
> com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:319)
> com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:192)
> com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:210)
> com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:153)
> com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:83)
> org.jboss.as.naming.InitialContext.getDefaultInitCtx(InitialContext.java:114)
> org.jboss.as.naming.InitialContext.init(InitialContext.java:99)
> javax.naming.ldap.InitialLdapContext.<init>(InitialLdapContext.java:154)
> org.jboss.as.naming.InitialContext.<init>(InitialContext.java:89)
> org.jboss.as.naming.InitialContextFactory.getInitialContext(InitialContextFactory.java:43)
> javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:684)
> javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:313)
> javax.naming.InitialContext.init(InitialContext.java:244)
> javax.naming.ldap.InitialLdapContext.<init>(InitialLdapContext.java:154)
> org.jboss.security.auth.spi.LdapLoginModule.createLdapInitContext(LdapLoginModule.java:362)
> org.jboss.security.auth.spi.LdapLoginModule.validatePassword(LdapLoginModule.java:289)
> org.jboss.security.auth.spi.UsernamePasswordLoginModule.login(UsernamePasswordLoginModule.java:283)
> sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> ...
> {code}
> [1] https://tools.ietf.org/html/rfc2255
[JBoss JIRA] (WFLY-6534) LdapExtLoginModule authentication fails when some part of DN is part of LDAP URL
by Ondrej Lukas (JIRA)
[ https://issues.jboss.org/browse/WFLY-6534?page=com.atlassian.jira.plugin.... ]
Ondrej Lukas updated WFLY-6534:
-------------------------------
Affects Version/s: 10.0.0.Final
> LdapExtLoginModule authentication fails when some part of DN is part of LDAP URL
> --------------------------------------------------------------------------------
>
> Key: WFLY-6534
> URL: https://issues.jboss.org/browse/WFLY-6534
> Project: WildFly
> Issue Type: Bug
> Components: Security
> Affects Versions: 10.0.0.Final
> Reporter: Ondrej Lukas
> Assignee: Darran Lofthouse
>
> In case when part of the DN is placed in the LDAP URL instead of baseCtxDN, authentication fails in LdapExtLoginModule (see [1] for details about this URL). Authentication is performed by binding with the user DN and password, but in this case the user DN does not include the DN part from the LDAP URL, which leads to failure.
> Thrown exception:
> {code}
> javax.naming.AuthenticationException: LDAP: error code 49 - INVALID_CREDENTIALS: Bind failed: ERR_229 Cannot authenticate user uid=jduke,ou=People
> com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3135)
> com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:3081)
> com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2883)
> com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2797)
> com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:319)
> com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:192)
> com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:210)
> com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:153)
> com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:83)
> org.jboss.as.naming.InitialContext.getDefaultInitCtx(InitialContext.java:114)
> org.jboss.as.naming.InitialContext.init(InitialContext.java:99)
> javax.naming.ldap.InitialLdapContext.<init>(InitialLdapContext.java:154)
> org.jboss.as.naming.InitialContext.<init>(InitialContext.java:89)
> org.jboss.as.naming.InitialContextFactory.getInitialContext(InitialContextFactory.java:43)
> javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:684)
> javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:313)
> javax.naming.InitialContext.init(InitialContext.java:244)
> javax.naming.ldap.InitialLdapContext.<init>(InitialLdapContext.java:154)
> org.jboss.security.auth.spi.LdapExtLoginModule.constructInitialLdapContext(LdapExtLoginModule.java:836)
> org.jboss.security.auth.spi.LdapExtLoginModule.bindDNAuthentication(LdapExtLoginModule.java:565)
> org.jboss.security.auth.spi.LdapExtLoginModule.createLdapInitContext(LdapExtLoginModule.java:465)
> org.jboss.security.auth.spi.LdapExtLoginModule.validatePassword(LdapExtLoginModule.java:343)
> org.jboss.security.auth.spi.UsernamePasswordLoginModule.login(UsernamePasswordLoginModule.java:283)
> sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> ...
> {code}
> [1] https://tools.ietf.org/html/rfc2255
[JBoss JIRA] (WFLY-6534) LdapExtLoginModule authentication fails when some part of DN is part of LDAP URL
by Ondrej Lukas (JIRA)
Ondrej Lukas created WFLY-6534:
----------------------------------
Summary: LdapExtLoginModule authentication fails when some part of DN is part of LDAP URL
Key: WFLY-6534
URL: https://issues.jboss.org/browse/WFLY-6534
Project: WildFly
Issue Type: Bug
Components: Security
Reporter: Ondrej Lukas
Assignee: Darran Lofthouse
In case when part of the DN is placed in the LDAP URL instead of baseCtxDN, authentication fails in LdapExtLoginModule (see [1] for details about this URL). Authentication is performed by binding with the user DN and password, but in this case the user DN does not include the DN part from the LDAP URL, which leads to failure.
Thrown exception:
{code}
javax.naming.AuthenticationException: LDAP: error code 49 - INVALID_CREDENTIALS: Bind failed: ERR_229 Cannot authenticate user uid=jduke,ou=People
com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3135)
com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:3081)
com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2883)
com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2797)
com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:319)
com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:192)
com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:210)
com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:153)
com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:83)
org.jboss.as.naming.InitialContext.getDefaultInitCtx(InitialContext.java:114)
org.jboss.as.naming.InitialContext.init(InitialContext.java:99)
javax.naming.ldap.InitialLdapContext.<init>(InitialLdapContext.java:154)
org.jboss.as.naming.InitialContext.<init>(InitialContext.java:89)
org.jboss.as.naming.InitialContextFactory.getInitialContext(InitialContextFactory.java:43)
javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:684)
javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:313)
javax.naming.InitialContext.init(InitialContext.java:244)
javax.naming.ldap.InitialLdapContext.<init>(InitialLdapContext.java:154)
org.jboss.security.auth.spi.LdapExtLoginModule.constructInitialLdapContext(LdapExtLoginModule.java:836)
org.jboss.security.auth.spi.LdapExtLoginModule.bindDNAuthentication(LdapExtLoginModule.java:565)
org.jboss.security.auth.spi.LdapExtLoginModule.createLdapInitContext(LdapExtLoginModule.java:465)
org.jboss.security.auth.spi.LdapExtLoginModule.validatePassword(LdapExtLoginModule.java:343)
org.jboss.security.auth.spi.UsernamePasswordLoginModule.login(UsernamePasswordLoginModule.java:283)
sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
...
{code}
[1] https://tools.ietf.org/html/rfc2255
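The three reports above (WFLY-6536, WFLY-6535 and WFLY-6534) describe one defect seen from three login modules: the bind DN is assembled from the username plus the configured suffix (baseCtxDN or principalDNSuffix), and the DN carried in the LDAP URL itself (RFC 2255) is dropped, so the directory is asked to bind `uid=jduke,ou=People` instead of the full entry name. The Python below is an added illustration, not WildFly or PicketBox code: it parses an RFC 2255 URL, shows the truncated bind DN the reports observe beside the complete one, and escapes the username per RFC 4514 so a value containing `,` or `+` cannot add or alter DN components. The hostnames, ports, function names and DNs other than those quoted from the reports are constructed sample values.

```python
"""Constructed illustration of bind-DN assembly from an RFC 2255 LDAP URL.
Not the WildFly / PicketBox login-module source; names are assumptions."""
from urllib.parse import urlsplit, unquote

# Characters that must be escaped inside an RDN value (RFC 4514 section 2.4).
_RDN_SPECIAL = '"+,;<>\\'


def parse_ldap_url(url):
    """Split an RFC 2255 URL  ldap[s]://host[:port]/[dn[?attrs[?scope[?filter[?exts]]]]]
    into a dict. The DN is percent-decoded; omitted fields get the RFC defaults."""
    parts = urlsplit(url)
    if parts.scheme not in ("ldap", "ldaps"):
        raise ValueError("not an LDAP URL: %r" % url)
    # urlsplit keeps everything after the first '?' in .query; the remaining
    # RFC 2255 fields are themselves separated by '?'.
    fields = parts.query.split("?") if parts.query else []
    fields += [""] * (4 - len(fields))
    return {
        "host": parts.hostname or "",
        "port": parts.port or (636 if parts.scheme == "ldaps" else 389),
        # The path is "/" followed by the percent-encoded DN; no path, no DN.
        "dn": unquote(parts.path[1:]) if parts.path.startswith("/") else "",
        "attributes": fields[0],
        "scope": fields[1] or "base",
        "filter": fields[2] or "(objectClass=*)",
        "extensions": fields[3],
    }


def escape_rdn_value(value):
    """Escape an attribute value for use in an RDN so that separators such as
    ',' or '+' inside user input cannot add or alter DN components."""
    out = []
    last = len(value) - 1
    for i, ch in enumerate(value):
        if ch == "\x00":
            out.append("\\00")                     # NUL must use the hex form
        elif ch in _RDN_SPECIAL:
            out.append("\\" + ch)
        elif ch == " " and i in (0, last):
            out.append("\\ ")                      # leading or trailing space
        elif ch == "#" and i == 0:
            out.append("\\#")                      # leading '#'
        else:
            out.append(ch)
    return "".join(out)


def join_dn(*components):
    """Join DN components, skipping empty ones so no ',' is left dangling."""
    return ",".join(c for c in components if c)


def naive_bind_dn(username, uid_attribute, dn_suffix):
    """Bind DN as the reports describe it: username plus the configured suffix
    (baseCtxDN or principalDNSuffix); the DN in the URL is ignored."""
    return join_dn("%s=%s" % (uid_attribute, escape_rdn_value(username)), dn_suffix)


def full_bind_dn(username, uid_attribute, dn_suffix, ldap_url):
    """Bind DN that also appends the DN component of the LDAP URL, giving the
    complete distinguished name of the user entry."""
    url_dn = parse_ldap_url(ldap_url)["dn"]
    return join_dn(naive_bind_dn(username, uid_attribute, dn_suffix), url_dn)


if __name__ == "__main__":
    # Constructed sample values; dc=jboss,dc=org is deliberately moved into the URL.
    url = "ldap://localhost:10389/dc=jboss,dc=org"
    print(naive_bind_dn("jduke", "uid", "ou=People"))      # uid=jduke,ou=People
    print(full_bind_dn("jduke", "uid", "ou=People", url))  # uid=jduke,ou=People,dc=jboss,dc=org
```

The first printed name is exactly the one the ERR_229 message in the traces complains about; the second is what the server needs to find the entry. When the URL carries no DN, `full_bind_dn` degrades to the suffix-only form, so a configuration that keeps the whole base in baseCtxDN or principalDNSuffix keeps working.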
[JBoss JIRA] (WFLY-6533) AdvancedLdapLoginModule with rolesCtxDN=null leads to authentication failure
by Ondrej Lukas (JIRA)
Ondrej Lukas created WFLY-6533:
----------------------------------
Summary: AdvancedLdapLoginModule with rolesCtxDN=null leads to authentication failure
Key: WFLY-6533
URL: https://issues.jboss.org/browse/WFLY-6533
Project: WildFly
Issue Type: Bug
Components: Security
Reporter: Ondrej Lukas
Assignee: Darran Lofthouse
In case when AdvancedLdapLoginModule is correctly configured for authentication, but its attribute rolesCtxDN is not set (i.e. is null), authentication with a correct username and password fails. It is caused by an internal NPE when searching for roles.
Expected behavior is that the user should be authenticated but no roles should be assigned to them.
Internal NPE:
{code}
java.lang.NullPointerException:
at org.jboss.as.naming.InitialContext.getURLScheme(InitialContext.java:160)
at org.jboss.as.naming.InitialContext.getURLOrDefaultInitCtx(InitialContext.java:128)
at javax.naming.directory.InitialDirContext.getURLOrDefaultInitDirCtx(InitialDirContext.java:106)
at javax.naming.directory.InitialDirContext.search(InitialDirContext.java:286)
at javax.naming.directory.InitialDirContext.search(InitialDirContext.java:286)
at org.jboss.security.negotiation.AdvancedLdapLoginModule.rolesSearch(AdvancedLdapLoginModule.java:720)
at org.jboss.security.negotiation.AdvancedLdapLoginModule.innerLogin(AdvancedLdapLoginModule.java:403)
at org.jboss.security.negotiation.AdvancedLdapLoginModule$AuthorizeAction.run(AdvancedLdapLoginModule.java:967)
at org.jboss.security.negotiation.AdvancedLdapLoginModule.login(AdvancedLdapLoginModule.java:326)
sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
...
{code}
[JBoss JIRA] (WFLY-6533) AdvancedLdapLoginModule with rolesCtxDN=null leads to authentication failure
by Ondrej Lukas (JIRA)
[ https://issues.jboss.org/browse/WFLY-6533?page=com.atlassian.jira.plugin.... ]
Ondrej Lukas updated WFLY-6533:
-------------------------------
Affects Version/s: 10.0.0.Final
> AdvancedLdapLoginModule with rolesCtxDN=null leads to authentication failure
> ----------------------------------------------------------------------------
>
> Key: WFLY-6533
> URL: https://issues.jboss.org/browse/WFLY-6533
> Project: WildFly
> Issue Type: Bug
> Components: Security
> Affects Versions: 10.0.0.Final
> Reporter: Ondrej Lukas
> Assignee: Darran Lofthouse
>
> In case when AdvancedLdapLoginModule is correctly configured for authentication, but its attribute rolesCtxDN is not set (i.e. is null), authentication with a correct username and password fails. It is caused by an internal NPE when searching for roles.
> Expected behavior is that the user should be authenticated but no roles should be assigned to them.
> Internal NPE:
> {code}
> java.lang.NullPointerException:
> at org.jboss.as.naming.InitialContext.getURLScheme(InitialContext.java:160)
> at org.jboss.as.naming.InitialContext.getURLOrDefaultInitCtx(InitialContext.java:128)
> at javax.naming.directory.InitialDirContext.getURLOrDefaultInitDirCtx(InitialDirContext.java:106)
> at javax.naming.directory.InitialDirContext.search(InitialDirContext.java:286)
> at javax.naming.directory.InitialDirContext.search(InitialDirContext.java:286)
> at org.jboss.security.negotiation.AdvancedLdapLoginModule.rolesSearch(AdvancedLdapLoginModule.java:720)
> at org.jboss.security.negotiation.AdvancedLdapLoginModule.innerLogin(AdvancedLdapLoginModule.java:403)
> at org.jboss.security.negotiation.AdvancedLdapLoginModule$AuthorizeAction.run(AdvancedLdapLoginModule.java:967)
> at org.jboss.security.negotiation.AdvancedLdapLoginModule.login(AdvancedLdapLoginModule.java:326)
> sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> ...
> {code}
[JBoss JIRA] (WFLY-6532) AdvancedLdapLoginModule with rolesCtxDN="" can lead to authentication failure
by Ondrej Lukas (JIRA)
Ondrej Lukas created WFLY-6532:
----------------------------------
Summary: AdvancedLdapLoginModule with rolesCtxDN="" can lead to authentication failure
Key: WFLY-6532
URL: https://issues.jboss.org/browse/WFLY-6532
Project: WildFly
Issue Type: Bug
Components: Security
Reporter: Ondrej Lukas
Assignee: Darran Lofthouse
In case when AdvancedLdapLoginModule is correctly configured for authentication and its attribute rolesCtxDN="", authentication can fail. This happens when any role is found in LDAP by the role search. It is caused by the {{canonicalize}} method, which for an empty rolesCtxDN returns a string ending with a comma, which is an invalid name for searching LDAP.
In correct behavior authentication should pass and the found roles should be assigned to the user.
In case when no role is found, authentication succeeds, which is correct behavior.
Thrown exception:
{code}
javax.naming.InvalidNameException: cn=Echo,ou=Roles2,o=AdvancedLdapLMEmptyRolesCtxDnOptionTestCasee7b6b29d,o=primary,dc=jboss,dc=org,: [LDAP: error code 34 - Invalid root Dn given : cn=Echo,ou=Roles2,o=AdvancedLdapLMEmptyRolesCtxDnOptionTestCasee7b6b29d,o=primary,dc=jboss,dc=org, (0x63 0x6E 0x3D 0x45 0x63 0x68 0x6F 0x2C 0x6F 0x75 0x3D 0x52 0x6F 0x6C 0x65 0x73 0x32 0x2C 0x6F 0x3D 0x41 0x64 0x76 0x61 0x6E 0x63 0x65 0x64 0x4C 0x64 0x61 0x70 0x4C 0x4D 0x45 0x6D 0x70 0x74 0x79 0x52 0x6F 0x6C 0x65 0x73 0x43 0x74 0x78 0x44 0x6E 0x4F 0x70 0x74 0x69 0x6F 0x6E 0x54 0x65 0x73 0x74 0x43 0x61 0x73 0x65 0x65 0x37 0x62 0x36 0x62 0x32 0x39 0x64 0x2C 0x6F 0x3D 0x70 0x72 0x69 0x6D 0x61 0x72 0x79 0x2C 0x64 0x63 0x3D 0x6A 0x62 0x6F 0x73 0x73 0x2C 0x64 0x63 0x3D 0x6F 0x72 0x67 0x2C ) is invalid]; remaining name 'cn=Echo,ou=Roles2,o=AdvancedLdapLMEmptyRolesCtxDnOptionTestCasee7b6b29d,o=primary,dc=jboss,dc=org,'
com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:3074)
com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2888)
com.sun.jndi.ldap.LdapCtx.c_getAttributes(LdapCtx.java:1329)
com.sun.jndi.toolkit.ctx.ComponentDirContext.p_getAttributes(ComponentDirContext.java:235)
com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.getAttributes(PartialCompositeDirContext.java:141)
com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.getAttributes(PartialCompositeDirContext.java:129)
javax.naming.directory.InitialDirContext.getAttributes(InitialDirContext.java:142)
javax.naming.directory.InitialDirContext.getAttributes(InitialDirContext.java:142)
org.jboss.security.negotiation.AdvancedLdapLoginModule.obtainRole(AdvancedLdapLoginModule.java:801)
org.jboss.security.negotiation.AdvancedLdapLoginModule.rolesSearch(AdvancedLdapLoginModule.java:737)
org.jboss.security.negotiation.AdvancedLdapLoginModule.innerLogin(AdvancedLdapLoginModule.java:403)
org.jboss.security.negotiation.AdvancedLdapLoginModule$AuthorizeAction.run(AdvancedLdapLoginModule.java:967)
org.jboss.security.negotiation.AdvancedLdapLoginModule.login(AdvancedLdapLoginModule.java:326)
sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
...
{code}