[jboss-jira] [JBoss JIRA] Resolved: (SECURITY-513) LdapExtLoginModule breaks if bindCredential is missing
Marcus Moyses (JIRA)
jira-events at lists.jboss.org
Tue Jul 6 14:30:46 EDT 2010
[ https://jira.jboss.org/browse/SECURITY-513?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Marcus Moyses resolved SECURITY-513.
------------------------------------
Resolution: Done
Applied proposed patch.
> LdapExtLoginModule breaks if bindCredential is missing
> ------------------------------------------------------
>
> Key: SECURITY-513
> URL: https://jira.jboss.org/browse/SECURITY-513
> Project: PicketBox (JBoss Security and Identity Management)
> Issue Type: Bug
> Security Level: Public(Everyone can see)
> Affects Versions: JBossSecurity_2.0.4.SP1, PicketBox_v3_0_beta5
> Reporter: James Livingston
> Assignee: Marcus Moyses
> Attachments: SECURITY-513.patch
>
>
> LdapExtLoginModule got changed for SECURITY-422 to allow external commands to be run by prefixing the credential with {EXT}. It doesn't check for null first which breaks support for anonymous login added in JBAS-3555.
> The trivial fix is to change the following line in LdapExtLoginModule.createLdapInitContext()
> if (this.bindCredential.startsWith("{EXT}"))
> to
> if (this.bindCredential != null && this.bindCredential.startsWith("{EXT}"))
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: https://jira.jboss.org/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
More information about the jboss-jira
mailing list