[jboss-jira] [JBoss JIRA] Closed: (JBAS-3555) LdapExtLoginModule fails if no initial bind credentials are supplied but anonymous login would be possible

Dimitris Andreadis (JIRA) jira-events at jboss.com
Fri Aug 25 07:44:46 EDT 2006 

     [ http://jira.jboss.com/jira/browse/JBAS-3555?page=all ]

Dimitris Andreadis closed JBAS-3555.
------------------------------------

    Fix Version/s: JBossAS-5.0.0.Beta
       Resolution: Done
         Assignee: Dimitris Andreadis  (was: Scott M Stark)

Fixed in Branch_4_0, JEE5_TCK & trunk.

> LdapExtLoginModule fails if no initial bind credentials are supplied but anonymous login would be possible
> ----------------------------------------------------------------------------------------------------------
>
>                 Key: JBAS-3555
>                 URL: http://jira.jboss.com/jira/browse/JBAS-3555
>             Project: JBoss Application Server
>          Issue Type: Bug
>      Security Level: Public(Everyone can see) 
>          Components: Security
>    Affects Versions: JBossAS-4.0.4.GA
>         Environment: 1.) LdapExtModule on JBoss 4.0.4.GA
> 2.) Novell eDirectory, possibly other LDAP-Server configuration, too
>            Reporter: Felix Ho￟feld
>         Assigned To: Dimitris Andreadis
>            Priority: Trivial
>             Fix For: JBossAS-4.0.5.CR1, JBossAS-5.0.0.Beta
>
>   Original Estimate: 30 minutes
>  Remaining Estimate: 30 minutes
>
> If an anonymous bind to the LDAP-Server is allowed no bindDN and bindCredential is supplied in login-context.xml. This causes the LoginModule to fail due to an NPE. The responsible lines are around 485:
>           env.setProperty(Context.SECURITY_PRINCIPAL, dn);
>           env.put(Context.SECURITY_CREDENTIALS, credential);
> The HashMap.put fails if dn or credetials are null. The obvious solution is to change the lines to:
>       if (dn != null)
>           env.setProperty(Context.SECURITY_PRINCIPAL, dn);
>       if (credential != null)
>           env.put(Context.SECURITY_CREDENTIALS, credential);

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://jira.jboss.com/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira

More information about the jboss-jira mailing list