[jboss-jira] [JBoss JIRA] (WFLY-12903) EJBComponent may throw NPE in certain conditions from checkCallerSecurityIdentityRole
Darran Lofthouse (Jira)
issues at jboss.org
Thu Dec 19 06:44:40 EST 2019
[ https://issues.redhat.com/browse/WFLY-12903?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13937994#comment-13937994 ]
Darran Lofthouse commented on WFLY-12903:
-----------------------------------------
Probably also should add something to the Elytron methods to ensure a null roles can not be returned from the SecurityIdentity
> EJBComponent may throw NPE in certain conditions from checkCallerSecurityIdentityRole
> -------------------------------------------------------------------------------------
>
> Key: WFLY-12903
> URL: https://issues.redhat.com/browse/WFLY-12903
> Project: WildFly
> Issue Type: Bug
> Components: EJB, Security
> Reporter: Bartosz Baranowski
> Assignee: Bartosz Baranowski
> Priority: Major
>
> If there is custom role mapping set up in elytron and it does not handle it properly 'roles' might end up null: https://github.com/wildfly/wildfly/blob/master/ejb3/src/main/java/org/jboss/as/ejb3/component/EJBComponent.java#L628
--
This message was sent by Atlassian Jira
(v7.13.8#713008)
More information about the jboss-jira
mailing list