Tom Fonteyne created SECURITY-721:
-------------------------------------
Summary: SPNEGO fallback to FORM based login has issues with user roles
Key: SECURITY-721
URL:
https://issues.jboss.org/browse/SECURITY-721
Project: PicketBox
Issue Type: Bug
Security Level: Public (Everyone can see)
Components: Negotiation
Affects Versions: Negotiation_2_2_1
Reporter: Tom Fonteyne
Assignee: Darran Lofthouse
A standard setup of EAP 6.0.1 (containing nego 2.2.1) for SPNEGO with FORM fallover has
issues in the third set of the toolkit tests.
10:54:47,378 ERROR
[org.apache.catalina.core.ContainerBase.[jboss.web].[default-host].[/jnt-eap6].[Secured]]
(http-orac.usersys.redhat.com/10.33.1.221:8080-2) Servlet.service() for servlet Secured
threw exception: java.lang.NullPointerException
at
org.jboss.security.negotiation.toolkit.SecuredServlet.doGet(SecuredServlet.java:88)
[classes:]
The failing line being:
List<Role> roles = info.getRoles().getRoles();
I back ported the extra lines from the toolkit to the one meant for EAP 5.x and there the
above line works fine.
The fact that the servlet is called does mean that JBoss received the correct roles, hence
it's not clear whether that particular toolkit line being any issue for the general
public.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see:
http://www.atlassian.com/software/jira