[jboss-jira] [JBoss JIRA] (SECURITY-721) SPNEGO fallback to FORM based login has issues with user roles
Tom Fonteyne (JIRA)
jira-events at lists.jboss.org
Tue Jan 15 10:51:22 EST 2013
Tom Fonteyne created SECURITY-721:
-------------------------------------
Summary: SPNEGO fallback to FORM based login has issues with user roles
Key: SECURITY-721
URL: https://issues.jboss.org/browse/SECURITY-721
Project: PicketBox
Issue Type: Bug
Security Level: Public (Everyone can see)
Components: Negotiation
Affects Versions: Negotiation_2_2_1
Reporter: Tom Fonteyne
Assignee: Darran Lofthouse
A standard setup of EAP 6.0.1 (containing nego 2.2.1) for SPNEGO with FORM fallover has issues in the third set of the toolkit tests.
10:54:47,378 ERROR [org.apache.catalina.core.ContainerBase.[jboss.web].[default-host].[/jnt-eap6].[Secured]] (http-orac.usersys.redhat.com/10.33.1.221:8080-2) Servlet.service() for servlet Secured threw exception: java.lang.NullPointerException
    at org.jboss.security.negotiation.toolkit.SecuredServlet.doGet(SecuredServlet.java:88) [classes:]
The failing line being:
List<Role> roles = info.getRoles().getRoles();
I backported the extra lines from the toolkit to the one meant for EAP 5.x, and there the above line works fine.
The fact that the servlet is called does mean that JBoss received the correct roles, hence it's not clear whether that particular toolkit line is any issue for the general public.