[jboss-jira] [JBoss JIRA] Commented: (JBAS-4343) NullPointerException causing bad password exception in LdapLoginModule when the role attribute is not set for a given entry

NullPointerException causing bad password exception in LdapLoginModule when the role attribute is not set for a given entry --------------------------------------------------------------------------------------------------------------------------- Key: JBAS-4343 URL: http://jira.jboss.com/jira/browse/JBAS-4343 Project: JBoss Application Server Issue Type: Bug Security Level: Public(Everyone can see) Components: Security Affects Versions: JBossAS-4.0.5.GA Environment: Linux, kernel 2.6.20, i686 Reporter: pgillis Assigned To: Marcus Moyses Priority: Minor Fix For: JBossAS-4.2.3.GA The org.jboss.security.auth.spi.LdapLoginModule class is throwing a NullPointerException that is causing authentication to fail in cases where, in my mind, it should be succeeding. The NPE is thrown when a record is encountered that does not have the attribute listed in roleAttributeID. There are two issues here: 1. The error that shows up in the log is a BadPassword error. This is misleading, if anything it should be a configuration error. 2. The roles are for authorization not authentication. When this exception gets thrown, authentication is failing. It seems reasonable for an LDAP attribute to be useful in identifying roles even if it isn't defined for every record. You can get around this problem with a more complex realm definition in login-config.xml, but shouldn't have to...thanks...