[jboss-jira] [JBoss JIRA] Created: (JBAS-4343) NullPointerException causing bad password exception in LdapLoginModule when the role attribute is not set for a given entry

Tue Apr 17 15:20:30 EDT 2007

NullPointerException causing bad password exception in LdapLoginModule when the role attribute is not set for a given entry
---------------------------------------------------------------------------------------------------------------------------

                 Key: JBAS-4343
                 URL: http://jira.jboss.com/jira/browse/JBAS-4343
             Project: JBoss Application Server
          Issue Type: Bug
      Security Level: Public (Everyone can see)
    Affects Versions: JBossAS-4.0.5.GA
         Environment: Linux, kernel 2.6.20, i686
            Reporter: pgillis
            Priority: Minor

The org.jboss.security.auth.spi.LdapLoginModule class is throwing a NullPointerException that is causing authentication to fail in cases where, in my mind, it should be succeeding.

The NPE is thrown when a record is encountered that does not have the attribute listed in roleAttributeID.  There are two issues here:

1. The error that shows up in the log is a BadPassword error.  This is misleading, if anything it should be a configuration error.

2. The roles are for authorization not authentication. When this exception gets thrown, authentication is failing. 

It seems reasonable for an LDAP attribute to be useful in identifying roles even if it isn't defined for every record.  You can get around this problem with a more complex realm definition in login-config.xml, but shouldn't have to...thanks...

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://jira.jboss.com/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira