[jboss-jira] [JBoss JIRA] (SECURITY-912) LdapExtLoginModule fails to load roles when a Custom Principal is specified
RH Bugzilla Integration (JIRA)
issues at jboss.org
Wed Sep 16 17:31:00 EDT 2015
[ https://issues.jboss.org/browse/SECURITY-912?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
RH Bugzilla Integration updated SECURITY-912:
---------------------------------------------
Bugzilla References: https://bugzilla.redhat.com/show_bug.cgi?id=1263847, https://bugzilla.redhat.com/show_bug.cgi?id=1263852 (was: https://bugzilla.redhat.com/show_bug.cgi?id=1263847)
> LdapExtLoginModule fails to load roles when a Custom Principal is specified
> ---------------------------------------------------------------------------
>
> Key: SECURITY-912
> URL: https://issues.jboss.org/browse/SECURITY-912
> Project: PicketBox
> Issue Type: Bug
> Components: JBossSX, Security-SPI
> Reporter: Jess Sightler
> Assignee: Derek Horton
>
> LdapExtLoginModule.addRole(String) calls:
> super.createIdentity(roleName);
> This attempts to get the current context classloader for the current thread. Unfortunately, this fails as the context classloader is null.
> The callchain is:
> createLdapInitContext->rolesSearch->addRole
> Lines 432 and 433 of LdapExtLoginModule are:
> if (currentTCCL != null)
> SecurityActions.setContextClassLoader(null);
> This clears the classloader, so the principal class cannot be loaded.
--
This message was sent by Atlassian JIRA
(v6.4.11#64026)
More information about the jboss-jira
mailing list