[jboss-jira] [JBoss JIRA] Created: (JBAS-3555) LdapExtLoginModule fails if no initial bind credentials are supplied but anonymous login would be possible

[Felix Ho￟feld (JIRA)]

LdapExtLoginModule fails if no initial bind credentials are supplied but anonymous login would be possible
----------------------------------------------------------------------------------------------------------

                 Key: JBAS-3555
                 URL: http://jira.jboss.com/jira/browse/JBAS-3555
             Project: JBoss Application Server
          Issue Type: Bug
      Security Level: Public (Everyone can see)
          Components: Security
    Affects Versions: JBossAS-4.0.4.GA
         Environment: 1.) LdapExtModule on JBoss 4.0.4.GA
2.) Novell eDirectory, possibly other LDAP-Server configuration, too
            Reporter: Felix Ho￟feld
         Assigned To: Scott M Stark
            Priority: Trivial
             Fix For: JBossAS-4.0.5.CR1


If an anonymous bind to the LDAP-Server is allowed no bindDN and bindCredential is supplied in login-context.xml. This causes the LoginModule to fail due to an NPE. The responsible lines are around 485:

          env.setProperty(Context.SECURITY_PRINCIPAL, dn);
          env.put(Context.SECURITY_CREDENTIALS, credential);

The HashMap.put fails if dn or credetials are null. The obvious solution is to change the lines to:

      if (dn != null)
          env.setProperty(Context.SECURITY_PRINCIPAL, dn);
      if (credential != null)
          env.put(Context.SECURITY_CREDENTIALS, credential);



-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://jira.jboss.com/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira