[seam-issues] [JBoss JIRA] Updated: (SEAMSECURITY-19) LdapIdentityStore throws NameNotFoundException when a role contains a forward slash
Jeremiah Orr (JIRA)
jira-events at lists.jboss.org
Wed Nov 10 15:14:01 EST 2010
[ https://jira.jboss.org/browse/SEAMSECURITY-19?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Jeremiah Orr updated SEAMSECURITY-19:
-------------------------------------
Steps to Reproduce:
1. Configure security:ldap-identity-store for your LDAP server. Make sure role-attribute-is-DN is set to true (default).
2. Give an LDAP user entry a role containing a forward slash.
3. Attempt to login.
4. LoginException (wrapping a NameNotFoundException) will be thrown.
> LdapIdentityStore throws NameNotFoundException when a role contains a forward slash
> -----------------------------------------------------------------------------------
>
> Key: SEAMSECURITY-19
> URL: https://jira.jboss.org/browse/SEAMSECURITY-19
> Project: Seam Security
> Issue Type: Bug
> Environment: WebSphere Application Server 6.1, Seam 2.2.0.GA
> Reporter: Jeremiah Orr
>
> When using LdapIdentityStore for the role-identity-store, if a user's LDAP entry contains a role with a forward slash (/), the following exception occurs:
> javax.security.auth.login.LoginException: Failed to query roles
> at org.jboss.seam.security.jaas.SeamLoginModule.login(SeamLoginModule.java:141)
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> [snip]
> Caused by:
> org.jboss.seam.security.management.IdentityManagementException: Failed to query roles
> at org.jboss.seam.security.management.LdapIdentityStore.getGrantedRoles(LdapIdentityStore.java:903)
> at org.jboss.seam.security.management.LdapIdentityStore.getImpliedRoles(LdapIdentityStore.java:938)
> at org.jboss.seam.security.management.IdentityManager.getImpliedRoles(IdentityManager.java:254)
> at org.jboss.seam.security.jaas.SeamLoginModule.login(SeamLoginModule.java:130)
> ... 81 more
> Caused by:
> javax.naming.NameNotFoundException: [LDAP: error code 32 - No Such Object]; Remaining name: 'cn=umg/somerole,dc=acme,dc=com'
> at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3078)
> at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2999)
> at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2806)
> at com.sun.jndi.ldap.LdapCtx.c_lookup(LdapCtx.java:1023)
> at com.sun.jndi.toolkit.ctx.ComponentContext.c_resolveIntermediate_nns(ComponentContext.java:164)
> at com.sun.jndi.toolkit.ctx.AtomicContext.c_resolveIntermediate_nns(AtomicContext.java:354)
> at com.sun.jndi.toolkit.ctx.ComponentContext.p_resolveIntermediate(ComponentContext.java:393)
> at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_getAttributes(ComponentDirContext.java:217)
> at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.getAttributes(PartialCompositeDirContext.java:133)
> at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.getAttributes(PartialCompositeDirContext.java:121)
> at javax.naming.directory.InitialDirContext.getAttributes(InitialDirContext.java:151)
> at org.jboss.seam.security.management.LdapIdentityStore.getGrantedRoles(LdapIdentityStore.java:890)
> ... 84 more
> This error does not occur when the user's record does not contain roles with a forward slash. I was able to eliminate this exception by changing line 890 in LdapIdentityStore from this:
> Attributes result2 = ctx.getAttributes(roleDN, returnAttribute);
> To this:
> Attributes result2 = ctx.getAttributes(new javax.naming.ldap.LdapName(roleDN), returnAttribute);
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: https://jira.jboss.org/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
More information about the seam-issues
mailing list