[jboss-jira] [JBoss JIRA] Created: (SECURITY-513) LdapExtLoginModule breaks if bindCredential is missing
James Livingston (JIRA)
jira-events at lists.jboss.org
Tue Jun 8 21:45:38 EDT 2010
LdapExtLoginModule breaks if bindCredential is missing
------------------------------------------------------
Key: SECURITY-513
URL: https://jira.jboss.org/browse/SECURITY-513
Project: PicketBox (JBoss Security and Identity Management)
Issue Type: Bug
Security Level: Public (Everyone can see)
Affects Versions: PicketBox_v3_0_beta5, JBossSecurity_2.0.4.SP1
Reporter: James Livingston
Assignee: Anil Saldhana
LdapExtLoginModule got changed for SECURITY-422 to allow external commands to be run by prefixing the credential with {EXT}. It doesn't check for null first which breaks support for anonymous login added in JBAS-3555.
The trivial fix is to change the following line in LdapExtLoginModule.createLdapInitContext()
if (this.bindCredential.startsWith("{EXT}"))
to
if (this.bindCredential != null && this.bindCredential.startsWith("{EXT}"))
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: https://jira.jboss.org/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
More information about the jboss-jira
mailing list