[jboss-jira] [JBoss JIRA] (SECURITY-797) Authentication attempts will fail if the DatabaseRolesMappingProvider's rolesQuery returns an empty set

Derek Horton (JIRA) issues at jboss.org
Tue Feb 18 15:09:47 EST 2014


Derek Horton created SECURITY-797:
-------------------------------------

             Summary: Authentication attempts will fail if the DatabaseRolesMappingProvider's rolesQuery returns an empty set
                 Key: SECURITY-797
                 URL: https://issues.jboss.org/browse/SECURITY-797
             Project: PicketBox 
          Issue Type: Bug
      Security Level: Public (Everyone can see)
          Components: JBossSX
    Affects Versions: PicketBox_4_0_19.Final
            Reporter: Derek Horton
            Assignee: Stefan Guilhen


If the DatabaseRolesMappingProvider's rolesQuery returns an empty set, then the authentication attempts will fail.  Seems like it should not cause the authentication attempt to fail, since this is about mapping/adding roles.

It looks like the code detects that the result set is empty, but then it tries to get the role from the empty set.  This causes an exception which in turn causes the authentication attempt to fail.

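
The failure mode described in the report, as an added example that is not PicketBox code and not from the reporter. The Rows class is a constructed stand-in for a JDBC ResultSet, and mapRolesBuggy/mapRolesFixed are hypothetical names; the sketch only reproduces the pattern "detect the empty set, then read from it anyway" next to a version that treats an empty result as "no extra roles".

```java
import java.sql.SQLException;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Set;

public class EmptyRolesQueryDemo {
    // Constructed stand-in for a JDBC ResultSet: reading without a current row throws.
    static final class Rows {
        private final List<String> data;
        private int pos = -1;
        Rows(List<String> data) { this.data = data; }
        boolean next() { return ++pos < data.size(); }
        String getString() throws SQLException {
            if (pos < 0 || pos >= data.size()) throw new SQLException("No current row");
            return data.get(pos);
        }
    }

    // Hypothetical buggy shape: the empty case is noticed but not handled,
    // so the read below runs against an empty set and throws.
    static Set<String> mapRolesBuggy(Rows rs) throws SQLException {
        Set<String> roles = new LinkedHashSet<>();
        if (!rs.next()) {
            System.out.println("rolesQuery returned no rows");
        }
        do {
            roles.add(rs.getString());
        } while (rs.next());
        return roles;
    }

    // Hardened shape: an empty result maps zero additional roles and never throws.
    static Set<String> mapRolesFixed(Rows rs) throws SQLException {
        Set<String> roles = new LinkedHashSet<>();
        while (rs.next()) {
            roles.add(rs.getString());
        }
        return roles;
    }

    public static void main(String[] args) throws SQLException {
        // Constructed sample data: one user with mapped roles, one with none.
        System.out.println("fixed, two roles: " + mapRolesFixed(new Rows(List.of("admin", "user"))));
        System.out.println("fixed, no roles:  " + mapRolesFixed(new Rows(List.of())));
        try {
            mapRolesBuggy(new Rows(List.of()));
        } catch (SQLException e) {
            // In a login stack, an exception at this point surfaces as a failed authentication.
            System.out.println("buggy, no roles:  exception: " + e.getMessage());
        }
    }
}
```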