[seam-issues] [JBoss JIRA] Updated: (SEAMSECURITY-19) LdapIdentityStore throws NameNotFoundException when a role contains a forward slash
[
https://jira.jboss.org/browse/SEAMSECURITY-19?page=com.atlassian.jira.plu...
]
Jeremiah Orr updated SEAMSECURITY-19:
-------------------------------------
Steps to Reproduce:
1. Configure security:ldap-identity-store for your LDAP server. Make sure
role-attribute-is-DN is set to true (default).
2. Give an LDAP user entry a role containing a forward slash.
3. Attempt to login.
4. LoginException (wrapping a NameNotFoundException) will be thrown.
LdapIdentityStore throws NameNotFoundException when a role contains a
forward slash
-----------------------------------------------------------------------------------
Key: SEAMSECURITY-19
URL: https://jira.jboss.org/browse/SEAMSECURITY-19
Project: Seam Security
Issue Type: Bug
Environment: WebSphere Application Server 6.1, Seam 2.2.0.GA
Reporter: Jeremiah Orr
When using LdapIdentityStore for the role-identity-store, if a user's LDAP entry
contains a role with a forward slash (/), the following exception occurs:
javax.security.auth.login.LoginException: Failed to query roles
at org.jboss.seam.security.jaas.SeamLoginModule.login(SeamLoginModule.java:141)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
[snip]
Caused by:
org.jboss.seam.security.management.IdentityManagementException: Failed to query roles
at
org.jboss.seam.security.management.LdapIdentityStore.getGrantedRoles(LdapIdentityStore.java:903)
at
org.jboss.seam.security.management.LdapIdentityStore.getImpliedRoles(LdapIdentityStore.java:938)
at
org.jboss.seam.security.management.IdentityManager.getImpliedRoles(IdentityManager.java:254)
at org.jboss.seam.security.jaas.SeamLoginModule.login(SeamLoginModule.java:130)
... 81 more
Caused by:
javax.naming.NameNotFoundException: [LDAP: error code 32 - No Such Object]; Remaining
name: 'cn=umg/somerole,dc=acme,dc=com'
at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3078)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2999)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2806)
at com.sun.jndi.ldap.LdapCtx.c_lookup(LdapCtx.java:1023)
at
com.sun.jndi.toolkit.ctx.ComponentContext.c_resolveIntermediate_nns(ComponentContext.java:164)
at
com.sun.jndi.toolkit.ctx.AtomicContext.c_resolveIntermediate_nns(AtomicContext.java:354)
at
com.sun.jndi.toolkit.ctx.ComponentContext.p_resolveIntermediate(ComponentContext.java:393)
at
com.sun.jndi.toolkit.ctx.ComponentDirContext.p_getAttributes(ComponentDirContext.java:217)
at
com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.getAttributes(PartialCompositeDirContext.java:133)
at
com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.getAttributes(PartialCompositeDirContext.java:121)
at javax.naming.directory.InitialDirContext.getAttributes(InitialDirContext.java:151)
at
org.jboss.seam.security.management.LdapIdentityStore.getGrantedRoles(LdapIdentityStore.java:890)
... 84 more
This error does not occur when the user's record does not contain roles with a
forward slash. I was able to eliminate this exception by changing line 890 in
LdapIdentityStore from this:
Attributes result2 = ctx.getAttributes(roleDN, returnAttribute);
To this:
Attributes result2 = ctx.getAttributes(new javax.naming.ldap.LdapName(roleDN),
returnAttribute);
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
https://jira.jboss.org/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira