[seam-issues] [JBoss JIRA] Created: (SEAMSECURITY-19) LdapIdentityStore throws NameNotFoundException when a role contains a forward slash

Jeremiah Orr (JIRA) jira-events at lists.jboss.org
Wed Nov 10 14:42:01 EST 2010 

LdapIdentityStore throws NameNotFoundException when a role contains a forward slash
-----------------------------------------------------------------------------------

                 Key: SEAMSECURITY-19
                 URL: https://jira.jboss.org/browse/SEAMSECURITY-19
             Project: Seam Security
          Issue Type: Bug
         Environment: WebSphere Application Server 6.1, Seam 2.2.0.GA
            Reporter: Jeremiah Orr


When using LdapIdentityStore for the role-identity-store, if a user's LDAP entry contains a role with a forward slash (/), the following exception occurs:

javax.security.auth.login.LoginException: Failed to query roles
	at org.jboss.seam.security.jaas.SeamLoginModule.login(SeamLoginModule.java:141)
	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
[snip]
Caused by: 
org.jboss.seam.security.management.IdentityManagementException: Failed to query roles
	at org.jboss.seam.security.management.LdapIdentityStore.getGrantedRoles(LdapIdentityStore.java:903)
	at org.jboss.seam.security.management.LdapIdentityStore.getImpliedRoles(LdapIdentityStore.java:938)
	at org.jboss.seam.security.management.IdentityManager.getImpliedRoles(IdentityManager.java:254)
	at org.jboss.seam.security.jaas.SeamLoginModule.login(SeamLoginModule.java:130)
	... 81 more
Caused by: 
javax.naming.NameNotFoundException: [LDAP: error code 32 - No Such Object]; Remaining name: 'cn=umg/somerole,dc=acme,dc=com'
	at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3078)
	at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2999)
	at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2806)
	at com.sun.jndi.ldap.LdapCtx.c_lookup(LdapCtx.java:1023)
	at com.sun.jndi.toolkit.ctx.ComponentContext.c_resolveIntermediate_nns(ComponentContext.java:164)
	at com.sun.jndi.toolkit.ctx.AtomicContext.c_resolveIntermediate_nns(AtomicContext.java:354)
	at com.sun.jndi.toolkit.ctx.ComponentContext.p_resolveIntermediate(ComponentContext.java:393)
	at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_getAttributes(ComponentDirContext.java:217)
	at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.getAttributes(PartialCompositeDirContext.java:133)
	at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.getAttributes(PartialCompositeDirContext.java:121)
	at javax.naming.directory.InitialDirContext.getAttributes(InitialDirContext.java:151)
	at org.jboss.seam.security.management.LdapIdentityStore.getGrantedRoles(LdapIdentityStore.java:890)
	... 84 more

This error does not occur when the user's record does not contain roles with a forward slash. I was able to eliminate this exception by changing line 890 in LdapIdentityStore from this:

Attributes result2 = ctx.getAttributes(roleDN, returnAttribute);

To this:

Attributes result2 = ctx.getAttributes(new javax.naming.ldap.LdapName(roleDN), returnAttribute);

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: https://jira.jboss.org/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira

More information about the seam-issues mailing list