[jboss-jira] [JBoss JIRA] (WFCORE-1303) NPE in principal-to-group group searching
Ondrej Lukas (JIRA)
issues at jboss.org
Fri Jan 15 07:08:00 EST 2016
[ https://issues.jboss.org/browse/WFCORE-1303?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Ondrej Lukas updated WFCORE-1303:
---------------------------------
Description:
In case when ldap authorization with principal-to-group group searching is used in security realm and LDAP entry found by value of 'group-attribute' does not include attribute mentioned in 'group-name-attribute' then it causes authentication fail. It is caused by missing null check for groupNameAttr and hidden NPE thrown from [1].
[1] https://github.com/wildfly/wildfly-core/blob/bcc56983730d976ec77ede0d5901db6a00c31ab6/domain-management/src/main/java/org/jboss/as/domain/management/security/LdapGroupSearcherFactory.java#L301
was:
In case when ldap authorization with principal-to-group group searching is used in security realm and LDAP entry found by value of 'group-attribute' does not include attribute mentioned in 'group-name-attribute' then it causes authentication fail. It is caused by missing null check for groupNameAttr and hidden NPE thrown from [1].
[1] https://github.com/jbossas/wildfly-core-eap/blob/a8aa0199b64957df65f706957f327dbb9d0186ab/domain-management/src/main/java/org/jboss/as/domain/management/security/LdapGroupSearcherFactory.java#L301
> NPE in principal-to-group group searching
> -----------------------------------------
>
> Key: WFCORE-1303
> URL: https://issues.jboss.org/browse/WFCORE-1303
> Project: WildFly Core
> Issue Type: Bug
> Components: Domain Management, Security
> Affects Versions: 2.0.7.Final
> Reporter: Ondrej Lukas
> Assignee: Brian Stansberry
>
> In case when ldap authorization with principal-to-group group searching is used in security realm and LDAP entry found by value of 'group-attribute' does not include attribute mentioned in 'group-name-attribute' then it causes authentication fail. It is caused by missing null check for groupNameAttr and hidden NPE thrown from [1].
> [1] https://github.com/wildfly/wildfly-core/blob/bcc56983730d976ec77ede0d5901db6a00c31ab6/domain-management/src/main/java/org/jboss/as/domain/management/security/LdapGroupSearcherFactory.java#L301
--
This message was sent by Atlassian JIRA
(v6.4.11#64026)
More information about the jboss-jira
mailing list