[jboss-jira] [JBoss JIRA] (SECURITY-797) Authentication attempts will fail if the DatabaseRolesMappingProvider's rolesQuery returns an empty set
RH Bugzilla Integration (JIRA)
issues at jboss.org
Wed May 14 11:57:58 EDT 2014
[ https://issues.jboss.org/browse/SECURITY-797?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12967865#comment-12967865 ]
RH Bugzilla Integration commented on SECURITY-797:
--------------------------------------------------
Hynek Mlnarik <hmlnarik at redhat.com> changed the Status of [bug 1067610|https://bugzilla.redhat.com/show_bug.cgi?id=1067610] from ON_QA to VERIFIED
> Authentication attempts will fail if the DatabaseRolesMappingProvider's rolesQuery returns an empty set
> -------------------------------------------------------------------------------------------------------
>
> Key: SECURITY-797
> URL: https://issues.jboss.org/browse/SECURITY-797
> Project: PicketBox
> Issue Type: Bug
> Security Level: Public(Everyone can see)
> Components: JBossSX
> Affects Versions: PicketBox_4_0_19.Final
> Reporter: Derek Horton
> Assignee: Stefan Guilhen
> Attachments: SECURITY-797.patch
>
>
> If the DatabaseRolesMappingProvider's rolesQuery returns an empty set, then the authentication attempts will fail. Seems like it should not cause the authentication attempt to fail, since this is about mapping/adding roles.
> It looks like the code detects that the result set is empty, but then it tries to get the role from the empty set. This causes an exception which in turn causes the authentication attempt to fail.
--
This message was sent by Atlassian JIRA
(v6.2.3#6260)
More information about the jboss-jira
mailing list