[JBoss JIRA] (SECURITY-797) Authentication attempts will fail if the DatabaseRolesMappingProvider's rolesQuery returns an empty set

Wednesday, 26 February 2014

    [
https://issues.jboss.org/browse/SECURITY-797?page=com.atlassian.jira.plug...
] 

RH Bugzilla Integration commented on SECURITY-797:
--------------------------------------------------

Vaclav Tunka <vtunka(a)redhat.com&gt; changed the Status of [bug
1067612|https://bugzilla.redhat.com/show_bug.cgi?id=1067612] from POST to MODIFIED

...
 Authentication attempts will fail if the
DatabaseRolesMappingProvider's rolesQuery returns an empty set

-------------------------------------------------------------------------------------------------------

                 Key: SECURITY-797
                 URL: https://issues.jboss.org/browse/SECURITY-797
             Project: PicketBox 
          Issue Type: Bug
      Security Level: Public(Everyone can see) 
          Components: JBossSX
    Affects Versions: PicketBox_4_0_19.Final
            Reporter: Derek Horton
            Assignee: Stefan Guilhen
         Attachments: SECURITY-797.patch

 If the DatabaseRolesMappingProvider's rolesQuery returns an empty set, then the
authentication attempts will fail.  Seems like it should not cause the authentication
attempt to fail, since this is about mapping/adding roles.
 It looks like the code detects that the result set is empty, but then it tries to get the
role from the empty set.  This causes an exception which in turn causes the authentication
attempt to fail. 
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006