Loading...

XML

Word

Printable

Details

Type: Bug
Resolution: Won't Do
Priority: Critical
Fix Version/s: None
Affects Version/s: JWS 3.1.0 SP2 GA
Component/s: tomcat8
Labels:
None

Target Release:

JWS 3.1.0 SP5 GA

SFDC Cases Links:
SFDC Cases Counter:

Description

When setting roleSubtree="true" on a JNDIRealm a java.lang.ArrayIndexOutOfBoundsException is thrown when getting roles. This results in an HTTP 500 response. The exception and stack trace details are below.

SEVERE [http-apr-8080-exec-1] org.apache.catalina.core.StandardHostValve.invoke Exception Processing /tomcat-ldap-example-1.0-SNAPSHOT/admin/admin.html
 java.lang.ArrayIndexOutOfBoundsException: 0 >= 0
	at java.util.Vector.elementAt(Vector.java:474)
	at javax.naming.NameImpl.get(NameImpl.java:556)
	at javax.naming.CompositeName.get(CompositeName.java:381)
	at org.apache.catalina.realm.JNDIRealm.getDistinguishedName(JNDIRealm.java:2683)
	at org.apache.catalina.realm.JNDIRealm.getRoles(JNDIRealm.java:1970)
	at org.apache.catalina.realm.JNDIRealm.authenticate(JNDIRealm.java:1353)
	at org.apache.catalina.realm.JNDIRealm.authenticate(JNDIRealm.java:1265)
	at org.apache.catalina.authenticator.BasicAuthenticator.authenticate(BasicAuthenticator.java:84)
	at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:569)
	at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:141)
	at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:79)
	at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:616)
	at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:88)
	at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:528)
	at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1100)
	at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:687)
	at org.apache.tomcat.util.net.AprEndpoint$SocketWithOptionsProcessor.run(AprEndpoint.java:2458)
	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
	at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
	at java.lang.Thread.run(Thread.java:748)

Here is my JNDIRealm configuration:

   <Realm className="org.apache.catalina.realm.JNDIRealm"
      connectionURL="ldap://localhost:389"
      connectionName="cn=admin,dc=mycorp,dc=com"
      connectionPassword="*****"
      userPattern="uid={0},ou=users,dc=mycorp,dc=com"
      roleBase="cn=helpdesk,dc=mycorp,dc=com"
      roleName="cn"
      roleSubtree="true"
      roleSearch="(member={0})"
    />

Removing roleSubtree="true" results in no exception, but the roles aren't retrieved. This is because the default LDAP search scope is single-level, but roleSubtree="true" switches the scope to subtree (which is what is needed).

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending
- Thumbnails
- List
- Download All

tomcat-ldap-example.zip
7 kB
2018/04/30 2:36 PM

Activity

People

Assignee:: Coty Sutherland

Reporter:: Dave Mulford

Tester:: Marek Czernek (Inactive)

Votes:: 0 Vote for this issue

Watchers:: 5 Start watching this issue

Dates

Created:: 2018/04/30 2:22 PM

Updated:: 2021/10/24 6:09 AM

Resolved:: 2018/08/28 7:05 AM