Darran Lofthouse commented on WFLY-7315:
----------------------------------------
Please contact [~honza889] as he is looking after these kinds of issue at the moment.
Additional contribution is welcome but Honza will be able to tell you if this is likely to
conflict with something he is already working on or is possibly being fixed as a side
effect of another issue.
Empty result of attribute search in Elytron ldap-realm causes NPE
-----------------------------------------------------------------
Key: WFLY-7315
URL: https://issues.jboss.org/browse/WFLY-7315
Project: WildFly
Issue Type: Bug
Components: Security
Affects Versions: 11.0.0.Alpha1
Reporter: Ondrej Lukas
Assignee: Darran Lofthouse
When an Elytron ldap-realm is configured through attribute-mapping to return some
attribute and the LDAP search does not find this attribute for some entry, an NPE is thrown
and authentication fails.
It is caused by a missing null check for {{ldapAttribute}} in [1].
Exception thrown to server log:
{code}
ERROR [io.undertow.request] (default task-2) UT005023: Exception handling request to /print-roles/protected/printRoles: java.lang.RuntimeException: ELY01079: Ldap-backed realm failed to obtain attributes for entry [uid=jduke,ou=People,dc=jboss,dc=org]
at org.wildfly.security.auth.realm.ldap.LdapSecurityRealm$LdapRealmIdentity.lambda$extractFilteredAttributes$6(LdapSecurityRealm.java:690)
at java.util.stream.Collectors.lambda$toMap$215(Collectors.java:1321)
at java.util.stream.ReduceOps$3ReducingSink.accept(ReduceOps.java:169)
at java.util.stream.ReferencePipeline$2$1.accept(ReferencePipeline.java:175)
at java.util.ArrayList$ArrayListSpliterator.forEachRemaining(ArrayList.java:1374)
at java.util.stream.AbstractPipeline.copyInto(AbstractPipeline.java:481)
at java.util.stream.AbstractPipeline.wrapAndCopyInto(AbstractPipeline.java:471)
at java.util.stream.ReduceOps$ReduceOp.evaluateSequential(ReduceOps.java:708)
at java.util.stream.AbstractPipeline.evaluate(AbstractPipeline.java:234)
at java.util.stream.ReferencePipeline.collect(ReferencePipeline.java:499)
at org.wildfly.security.auth.realm.ldap.LdapSecurityRealm$LdapRealmIdentity.extractAttributes(LdapSecurityRealm.java:753)
at org.wildfly.security.auth.realm.ldap.LdapSecurityRealm$LdapRealmIdentity.extractFilteredAttributes(LdapSecurityRealm.java:634)
at org.wildfly.security.auth.realm.ldap.LdapSecurityRealm$LdapRealmIdentity.lambda$getIdentity$1(LdapSecurityRealm.java:593)
at java.util.stream.ReferencePipeline$3$1.accept(ReferencePipeline.java:193)
at org.wildfly.security.auth.realm.ldap.LdapSecurityRealm$LdapRealmIdentity$LdapSearch$1.tryAdvance(LdapSecurityRealm.java:944)
at java.util.stream.ReferencePipeline.forEachWithCancel(ReferencePipeline.java:126)
at java.util.stream.AbstractPipeline.copyIntoWithCancel(AbstractPipeline.java:498)
at java.util.stream.AbstractPipeline.copyInto(AbstractPipeline.java:485)
at java.util.stream.AbstractPipeline.wrapAndCopyInto(AbstractPipeline.java:471)
at java.util.stream.FindOps$FindOp.evaluateSequential(FindOps.java:152)
at java.util.stream.AbstractPipeline.evaluate(AbstractPipeline.java:234)
at java.util.stream.ReferencePipeline.findFirst(ReferencePipeline.java:464)
at org.wildfly.security.auth.realm.ldap.LdapSecurityRealm$LdapRealmIdentity.getIdentity(LdapSecurityRealm.java:598)
at org.wildfly.security.auth.realm.ldap.LdapSecurityRealm$LdapRealmIdentity.exists(LdapSecurityRealm.java:545)
at org.wildfly.security.auth.realm.ldap.LdapSecurityRealm$LdapRealmIdentity.verifyEvidence(LdapSecurityRealm.java:513)
at org.wildfly.security.auth.server.ServerAuthenticationContext$NameAssignedState.verifyEvidence(ServerAuthenticationContext.java:1634)
at org.wildfly.security.auth.server.ServerAuthenticationContext.verifyEvidence(ServerAuthenticationContext.java:654)
at org.wildfly.security.auth.server.ServerAuthenticationContext$1.handleOne(ServerAuthenticationContext.java:818)
at org.wildfly.security.auth.server.ServerAuthenticationContext$1.handleOne(ServerAuthenticationContext.java:752)
at org.wildfly.security.auth.server.ServerAuthenticationContext$1.handleOne(ServerAuthenticationContext.java:850)
at org.wildfly.security.auth.server.ServerAuthenticationContext$1.handle(ServerAuthenticationContext.java:703)
at org.wildfly.security.http.util.SecurityIdentityServerMechanismFactory$SecurityIdentityCallbackHandler.handle(SecurityIdentityServerMechanismFactory.java:113)
at org.wildfly.security.http.impl.UsernamePasswordAuthenticationMechanism.authenticate(UsernamePasswordAuthenticationMechanism.java:69)
at org.wildfly.security.http.impl.BasicAuthenticationMechanism.evaluateRequest(BasicAuthenticationMechanism.java:151)
at org.wildfly.security.http.util.SetMechanismInformationMechanismFactory$1.evaluateRequest(SetMechanismInformationMechanismFactory.java:115)
at org.wildfly.security.http.util.SecurityIdentityServerMechanismFactory$1.evaluateRequest(SecurityIdentityServerMechanismFactory.java:77)
at org.wildfly.security.http.HttpAuthenticator$AuthenticationExchange.authenticate(HttpAuthenticator.java:106)
at org.wildfly.security.http.HttpAuthenticator$AuthenticationExchange.access$100(HttpAuthenticator.java:90)
at org.wildfly.security.http.HttpAuthenticator.authenticate(HttpAuthenticator.java:74)
at org.wildfly.elytron.web.undertow.server.SecurityContextImpl.authenticate(SecurityContextImpl.java:82)
at io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:55)
at io.undertow.server.handlers.DisableCacheHandler.handleRequest(DisableCacheHandler.java:33)
at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
at io.undertow.security.handlers.AuthenticationConstraintHandler.handleRequest(AuthenticationConstraintHandler.java:53)
at io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:46)
at io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:64)
at io.undertow.servlet.handlers.security.ServletSecurityConstraintHandler.handleRequest(ServletSecurityConstraintHandler.java:59)
at io.undertow.security.handlers.AbstractSecurityContextAssociationHandler.handleRequest(AbstractSecurityContextAssociationHandler.java:43)
at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
at io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:292)
at io.undertow.servlet.handlers.ServletInitialHandler.access$100(ServletInitialHandler.java:81)
at io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:138)
at io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:135)
at io.undertow.servlet.core.ServletRequestContextThreadSetupAction$1.call(ServletRequestContextThreadSetupAction.java:48)
at io.undertow.servlet.core.ContextClassLoaderSetupAction$1.call(ContextClassLoaderSetupAction.java:43)
at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1671)
at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1671)
at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1671)
at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1671)
at io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:272)
at io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:81)
at io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:104)
at io.undertow.server.Connectors.executeRootHandler(Connectors.java:207)
at io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:810)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
at java.lang.Thread.run(Thread.java:745)
Caused by: java.lang.RuntimeException: ELY01079: Ldap-backed realm failed to obtain attributes for entry [uid=jduke,ou=People,dc=jboss,dc=org]
at org.wildfly.security.auth.realm.ldap.LdapSecurityRealm$LdapRealmIdentity.lambda$null$5(LdapSecurityRealm.java:678)
at org.wildfly.security.auth.realm.ldap.LdapSecurityRealm$LdapRealmIdentity$LdapSearch$1.tryAdvance(LdapSecurityRealm.java:944)
at java.util.Spliterator.forEachRemaining(Spliterator.java:326)
at java.util.stream.ReferencePipeline$Head.forEach(ReferencePipeline.java:580)
at org.wildfly.security.auth.realm.ldap.LdapSecurityRealm$LdapRealmIdentity.lambda$extractFilteredAttributes$6(LdapSecurityRealm.java:650)
... 67 more
Caused by: java.lang.NullPointerException
at org.wildfly.security.auth.realm.ldap.LdapSecurityRealm$LdapRealmIdentity.lambda$null$5(LdapSecurityRealm.java:672)
... 71 more
{code}
[1] https://github.com/wildfly-security/wildfly-elytron/blob/cb57f2f0ffcdb147...
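
The failure mode reported above, as an added example (not code from Elytron or from this issue): JNDI's `Attributes.get()` returns `null` when an entry lacks the requested attribute, so an attribute mapper has to check before dereferencing the result. The class name, the `MAPPING` table, the `nullCheck` switch and the sample entry are constructed for illustration.

```java
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.Attributes;
import javax.naming.directory.BasicAttributes;
import java.util.ArrayList;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;

public class LdapAttributeNullCheck {
    // Hypothetical attribute-mapping: LDAP attribute name -> identity attribute name.
    static final Map<String, String> MAPPING = new LinkedHashMap<>();
    static {
        MAPPING.put("cn", "fullName");
        MAPPING.put("mail", "email"); // not present on the sample entry
    }

    // Copies mapped attributes out of one LDAP entry. With nullCheck=false the
    // absent attribute is dereferenced, reproducing the class of failure reported.
    static Map<String, List<String>> extract(Attributes entry, boolean nullCheck)
            throws NamingException {
        Map<String, List<String>> identity = new LinkedHashMap<>();
        for (Map.Entry<String, String> m : MAPPING.entrySet()) {
            Attribute ldapAttribute = entry.get(m.getKey()); // null when absent
            if (nullCheck && ldapAttribute == null) {
                continue; // treat a missing attribute as "no values", not an error
            }
            List<String> values = new ArrayList<>();
            NamingEnumeration<?> all = ldapAttribute.getAll();
            while (all.hasMore()) {
                values.add(String.valueOf(all.next()));
            }
            identity.put(m.getValue(), values);
        }
        return identity;
    }

    public static void main(String[] args) throws NamingException {
        // Constructed entry: uid=jduke without a "mail" attribute.
        Attributes entry = new BasicAttributes(true);
        entry.put("uid", "jduke");
        entry.put("cn", "Java Duke");
        System.out.println("checked:   " + extract(entry, true));
        try {
            extract(entry, false);
        } catch (NullPointerException e) {
            System.out.println("unchecked: NullPointerException on absent 'mail'");
        }
    }
}
```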