[jboss-jira] [JBoss JIRA] Assigned: (SECURITY-513) LdapExtLoginModule breaks if bindCredential is missing
Anil Saldhana (JIRA)
jira-events at lists.jboss.org
Wed Jun 16 11:01:46 EDT 2010
[ https://jira.jboss.org/browse/SECURITY-513?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Anil Saldhana reassigned SECURITY-513:
--------------------------------------
Assignee: Marcus Moyses (was: Anil Saldhana)
> LdapExtLoginModule breaks if bindCredential is missing
> ------------------------------------------------------
>
> Key: SECURITY-513
> URL: https://jira.jboss.org/browse/SECURITY-513
> Project: PicketBox (JBoss Security and Identity Management)
> Issue Type: Bug
> Security Level: Public(Everyone can see)
> Affects Versions: JBossSecurity_2.0.4.SP1, PicketBox_v3_0_beta5
> Reporter: James Livingston
> Assignee: Marcus Moyses
> Attachments: SECURITY-513.patch
>
>
> LdapExtLoginModule got changed for SECURITY-422 to allow external commands to be run by prefixing the credential with {EXT}. It doesn't check for null first which breaks support for anonymous login added in JBAS-3555.
> The trivial fix is to change the following line in LdapExtLoginModule.createLdapInitContext()
> if (this.bindCredential.startsWith("{EXT}"))
> to
> if (this.bindCredential != null && this.bindCredential.startsWith("{EXT}"))
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: https://jira.jboss.org/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
More information about the jboss-jira
mailing list