[jboss-jira] [JBoss JIRA] (SECURITY-844) LdapExtLoginModule allow instance variables to remain 'null'
Bartosz Baranowski (JIRA)
issues at jboss.org
Fri Jun 6 06:46:16 EDT 2014
Bartosz Baranowski created SECURITY-844:
-------------------------------------------
Summary: LdapExtLoginModule allow instance variables to remain 'null'
Key: SECURITY-844
URL: https://issues.jboss.org/browse/SECURITY-844
Project: PicketBox
Issue Type: Enhancement
Security Level: Public (Everyone can see)
Components: PicketBox
Reporter: Bartosz Baranowski
Assignee: Stefan Guilhen
Affected version: PicketBox_4_0_19.SP8
Example: roleFilter may not be set.
Result:
{code}
12:40:02,129 DEBUG [org.jboss.security] (http-/10.36.6.166:8080-1) PBOX000206: Login failure: javax.security.auth.login.FailedLoginException: PBOX000070: Password invalid/Password required
at org.jboss.security.auth.spi.UsernamePasswordLoginModule.login(UsernamePasswordLoginModule.java:284) [picketbox-4.0.19.SP8-redhat-1.jar:4.0.19.SP8-redhat-1]
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) [rt.jar:1.7.0_51]
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57) [rt.jar:1.7.0_51]
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) [rt.jar:1.7.0_51]
at java.lang.reflect.Method.invoke(Method.java:606) [rt.jar:1.7.0_51]
at javax.security.auth.login.LoginContext.invoke(LoginContext.java:762) [rt.jar:1.7.0_51]
at javax.security.auth.login.LoginContext.access$000(LoginContext.java:203) [rt.jar:1.7.0_51]
at javax.security.auth.login.LoginContext$4.run(LoginContext.java:690) [rt.jar:1.7.0_51]
at javax.security.auth.login.LoginContext$4.run(LoginContext.java:688) [rt.jar:1.7.0_51]
at java.security.AccessController.doPrivileged(Native Method) [rt.jar:1.7.0_51]
at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:687) [rt.jar:1.7.0_51]
at javax.security.auth.login.LoginContext.login(LoginContext.java:595) [rt.jar:1.7.0_51]
at org.jboss.security.authentication.JBossCachedAuthenticationManager.defaultLogin(JBossCachedAuthenticationManager.java:408) [picketbox-infinispan-4.0.19.SP8-redhat-1.jar:4.0.19.SP8-redhat-1]
at org.jboss.security.authentication.JBossCachedAuthenticationManager.proceedWithJaasLogin(JBossCachedAuthenticationManager.java:345) [picketbox-infinispan-4.0.19.SP8-redhat-1.jar:4.0.19.SP8-redhat-1]
at org.jboss.security.authentication.JBossCachedAuthenticationManager.authenticate(JBossCachedAuthenticationManager.java:333) [picketbox-infinispan-4.0.19.SP8-redhat-1.jar:4.0.19.SP8-redhat-1]
at org.jboss.security.authentication.JBossCachedAuthenticationManager.isValid(JBossCachedAuthenticationManager.java:146) [picketbox-infinispan-4.0.19.SP8-redhat-1.jar:4.0.19.SP8-redhat-1]
at org.jboss.as.web.security.JBossWebRealm.authenticate(JBossWebRealm.java:216) [jboss-as-web-7.4.0.Final-redhat-SNAPSHOT.jar:7.4.0.Final-redhat-SNAPSHOT]
at org.apache.catalina.authenticator.FormAuthenticator.authenticate(FormAuthenticator.java:280) [jbossweb-7.4.5.Final-redhat-1.jar:7.4.5.Final-redhat-1]
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:404) [jbossweb-7.4.5.Final-redhat-1.jar:7.4.5.Final-redhat-1]
at org.jboss.as.web.security.SecurityContextAssociationValve.invoke(SecurityContextAssociationValve.java:169) [jboss-as-web-7.4.0.Final-redhat-SNAPSHOT.jar:7.4.0.Final-redhat-SNAPSHOT]
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:145) [jbossweb-7.4.5.Final-redhat-1.jar:7.4.5.Final-redhat-1]
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:97) [jbossweb-7.4.5.Final-redhat-1.jar:7.4.5.Final-redhat-1]
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:102) [jbossweb-7.4.5.Final-redhat-1.jar:7.4.5.Final-redhat-1]
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:344) [jbossweb-7.4.5.Final-redhat-1.jar:7.4.5.Final-redhat-1]
at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:856) [jbossweb-7.4.5.Final-redhat-1.jar:7.4.5.Final-redhat-1]
at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:653) [jbossweb-7.4.5.Final-redhat-1.jar:7.4.5.Final-redhat-1]
at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:926) [jbossweb-7.4.5.Final-redhat-1.jar:7.4.5.Final-redhat-1]
at java.lang.Thread.run(Thread.java:744) [rt.jar:1.7.0_51]
Caused by: java.lang.NullPointerException
at com.sun.jndi.toolkit.dir.SearchFilter.format(SearchFilter.java:585) [rt.jar:1.7.0_51]
at com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1784) [rt.jar:1.7.0_51]
at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_search(ComponentDirContext.java:412) [rt.jar:1.7.0_51]
at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:394) [rt.jar:1.7.0_51]
at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:376) [rt.jar:1.7.0_51]
at javax.naming.directory.InitialDirContext.search(InitialDirContext.java:286) [rt.jar:1.7.0_51]
at javax.naming.directory.InitialDirContext.search(InitialDirContext.java:286) [rt.jar:1.7.0_51]
at org.jboss.security.auth.spi.LdapExtLoginModule.rolesSearch(LdapExtLoginModule.java:647) [picketbox-4.0.19.SP8-redhat-1.jar:4.0.19.SP8-redhat-1]
at org.jboss.security.auth.spi.LdapExtLoginModule.createLdapInitContext(LdapExtLoginModule.java:482) [picketbox-4.0.19.SP8-redhat-1.jar:4.0.19.SP8-redhat-1]
at org.jboss.security.auth.spi.LdapExtLoginModule.validatePassword(LdapExtLoginModule.java:343) [picketbox-4.0.19.SP8-redhat-1.jar:4.0.19.SP8-redhat-1]
at org.jboss.security.auth.spi.UsernamePasswordLoginModule.login(UsernamePasswordLoginModule.java:281) [picketbox-4.0.19.SP8-redhat-1.jar:4.0.19.SP8-redhat-1]
... 27 more
{code}
--
This message was sent by Atlassian JIRA
(v6.2.3#6260)
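
Added example (not part of the original report, and not PicketBox code): the trace above shows an unset roleFilter surfacing as PBOX000070 "Password invalid/Password required", so a log triage pass has to read the `Caused by` chain to tell a module fault from a rejected password. The names `split_records`, `triage` and `SAMPLE` are hypothetical; the first sample record is abridged from the trace above, the second is constructed, and treating `javax.naming.AuthenticationException` as a genuine credential rejection is an assumption.

```python
import re

# A JBoss log record starts with "HH:MM:SS,mmm LEVEL [category]"; other lines continue it.
RECORD = re.compile(r"^\d{2}:\d{2}:\d{2},\d{3} \w+\s+\[")
CAUSE = re.compile(r"^Caused by: ([\w.$]+)")
FRAME = re.compile(r"^\s*at ([\w.$]+)\(")

SAMPLE = """\
12:40:02,129 DEBUG [org.jboss.security] (http-/10.36.6.166:8080-1) PBOX000206: Login failure: javax.security.auth.login.FailedLoginException: PBOX000070: Password invalid/Password required
\tat org.jboss.security.auth.spi.UsernamePasswordLoginModule.login(UsernamePasswordLoginModule.java:284)
Caused by: java.lang.NullPointerException
\tat com.sun.jndi.toolkit.dir.SearchFilter.format(SearchFilter.java:585)
\tat org.jboss.security.auth.spi.LdapExtLoginModule.rolesSearch(LdapExtLoginModule.java:647)
12:41:10,004 DEBUG [org.jboss.security] (http-/10.36.6.166:8080-2) PBOX000206: Login failure: javax.security.auth.login.FailedLoginException: PBOX000070: Password invalid/Password required
\tat org.jboss.security.auth.spi.UsernamePasswordLoginModule.login(UsernamePasswordLoginModule.java:284)
"""

def split_records(text):
    """Group stack frames and 'Caused by' lines under the record they belong to."""
    records = []
    for line in text.splitlines():
        if RECORD.match(line):
            records.append([line])
        elif records and line.strip():
            records[-1].append(line)
    return records

def triage(text):
    """Classify each PBOX000206 login failure by its deepest 'Caused by' entry."""
    # Assumption: no cause, or a directory bind rejection, means a real credential failure.
    findings = []
    for rec in split_records(text):
        if "PBOX000206" not in rec[0]:
            continue
        cause, origin = None, None
        for line in rec[1:]:
            m = CAUSE.match(line.strip())
            if m:
                cause, origin = m.group(1), None  # a deeper cause replaces the earlier one
                continue
            f = FRAME.match(line)
            if cause and origin is None and f and f.group(1).startswith("org.jboss.security."):
                origin = f.group(1)  # first login-module frame under the root cause
        benign = cause in (None, "javax.naming.AuthenticationException")
        kind = "credential" if benign else "module-error"
        findings.append({"time": rec[0].split(" ")[0], "kind": kind, "cause": cause, "origin": origin})
    return findings
```

A burst of `module-error` findings that share one `origin` across many users points at the login module configuration rather than at password guessing.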