Uploaded image for project: 'Application Server 3  4  5 and 6'
  1. Application Server 3 4 5 and 6
  2. JBAS-3555

LdapExtLoginModule fails if no initial bind credentials are supplied but anonymous login would be possible

    Details

    • Workaround:
      Workaround Exists
    • Workaround Description:
      Hide

      Well, you could create a dummy user to avoid an anonymous bind at all.

      Show
      Well, you could create a dummy user to avoid an anonymous bind at all.

      Description

      If an anonymous bind to the LDAP-Server is allowed no bindDN and bindCredential is supplied in login-context.xml. This causes the LoginModule to fail due to an NPE. The responsible lines are around 485:

      env.setProperty(Context.SECURITY_PRINCIPAL, dn);
      env.put(Context.SECURITY_CREDENTIALS, credential);

      The HashMap.put fails if dn or credetials are null. The obvious solution is to change the lines to:

      if (dn != null)
      env.setProperty(Context.SECURITY_PRINCIPAL, dn);
      if (credential != null)
      env.put(Context.SECURITY_CREDENTIALS, credential);

        Gliffy Diagrams

          Attachments

            Activity

              People

              • Assignee:
                dimitris Dimitrios Andreadis
                Reporter:
                fhh fhh (Inactive)
              • Votes:
                0 Vote for this issue
                Watchers:
                0 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved:

                  Time Tracking

                  Estimated:
                  Original Estimate - 30 minutes
                  30m
                  Remaining:
                  Remaining Estimate - 30 minutes
                  30m
                  Logged:
                  Time Spent - Not Specified
                  Not Specified