[jboss-jira] [JBoss JIRA] (SECURITY-993) SimpleRole.hashCode NPE when a principal has the roles set to null
Ilia Vassilev (JIRA)
issues at jboss.org
Thu Jun 14 18:23:00 EDT 2018
[ https://issues.jboss.org/browse/SECURITY-993?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13591781#comment-13591781 ]
Ilia Vassilev commented on SECURITY-993:
----------------------------------------
PR sent: https://github.com/picketbox/picketbox/pull/81
> SimpleRole.hashCode NPE when a principal has the roles set to null
> ------------------------------------------------------------------
>
> Key: SECURITY-993
> URL: https://issues.jboss.org/browse/SECURITY-993
> Project: PicketBox
> Issue Type: Bug
> Components: Identity
> Affects Versions: PicketBox_5_1_0.Final
> Environment: Wild Fly Swarm 2018.2.0
> Reporter: Sergey Beryozkin
> Assignee: Ilia Vassilev
> Priority: Minor
> Fix For: PicketBox_5_1_1.Beta1
>
>
> If a principal is created with the roles set to null then NPE is reported back to the user during the authentication process:
> {noformat}
> java.lang.RuntimeException: java.lang.NullPointerException
> at org.wildfly.extension.undertow.security.JAASIdentityManagerImpl.verifyCredential(JAASIdentityManagerImpl.java:140)
> at org.wildfly.extension.undertow.security.JAASIdentityManagerImpl.verify(JAASIdentityManagerImpl.java:94)
> at io.undertow.security.impl.BasicAuthenticationMechanism.authenticate(BasicAuthenticationMechanism.java:167)
> at io.undertow.security.impl.SecurityContextImpl$AuthAttempter.transition(SecurityContextImpl.java:245)
> ....
> Caused by: java.lang.NullPointerException
> at org.jboss.security.identity.plugins.SimpleRole.hashCode(SimpleRole.java:106)
> {noformat}
--
This message was sent by Atlassian JIRA
(v7.5.0#75005)
More information about the jboss-jira
mailing list