Uploaded image for project: 'PicketLink'
  1. PicketLink
  2. PLINK-675

LDAP query fails if there are no filters

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Done
    • Icon: Major Major
    • PLINK_2.7.0.Final
    • PLINK_2.7.0.CR3
    • IDM
    • None

      Attempting to run an IdentityQuery with no filters on an LDAP store fails with the below exception if no object classes are specified in the mapping configuration.

      The problem appears to be in LDAPIdentityStore#createIdentityTypeSearchFilter, specifically line 551. It's currently checking if ldapEntryConfig is not null, but it's not possible for ldapEntryConfig to be null at that point. createIdentityTypeSearchFilter is only called from fetchQueryResults, which obtains ldapEntryConfig from getMappingConfig, and getMappingConfig throws an exception if it would return null.

      So the line should probably be checking if !ldapEntryConfig.getObjectClasses().isEmpty() instead, which should result in the correct behavior.

      17:46:46,899 FATAL [javax.enterprise.resource.webcontainer.jsf.context] (default task-58) PLIDM000501: Could not query IdentityType using query [org.picketlink.idm.query.internal.DefaultIdentityQuery@6c8065e4].: org.picketlink.idm.IdentityManagementException: PLIDM000501: Could not query IdentityType using query [org.picketlink.idm.query.internal.DefaultIdentityQuery@6c8065e4].
      	at org.picketlink.idm.query.internal.DefaultIdentityQuery.getResultList(DefaultIdentityQuery.java:200) [picketlink-idm-impl-2.7.0.CR3.jar:]
      	at com.sg.song.nms.security.ui.UserSearchable.executeQuery(UserSearchable.java:72) [classes:]
      	at com.lapis.jsf.framework.ui.component.LazyLoadModel.load(LazyLoadModel.java:67) [framework-jsf-1.0.0-SNAPSHOT.jar:]
      	at com.lapis.jsf.framework.ui.component.LazyLoadModel.load(LazyLoadModel.java:39) [framework-jsf-1.0.0-SNAPSHOT.jar:]
      	at org.primefaces.component.datatable.DataTable.loadLazyData(DataTable.java:841) [primefaces-5.1.jar:5.1]
      	at org.primefaces.component.datatable.DataTableRenderer.preRender(DataTableRenderer.java:95) [primefaces-5.1.jar:5.1]
      	at org.primefaces.component.datatable.DataTableRenderer.encodeEnd(DataTableRenderer.java:83) [primefaces-5.1.jar:5.1]
      	at javax.faces.component.UIComponentBase.encodeEnd(UIComponentBase.java:919) [jboss-jsf-api_2.2_spec-2.2.8.jar:2.2.8]
      	at javax.faces.component.UIComponent.encodeAll(UIComponent.java:1863) [jboss-jsf-api_2.2_spec-2.2.8.jar:2.2.8]
      	at javax.faces.render.Renderer.encodeChildren(Renderer.java:176) [jboss-jsf-api_2.2_spec-2.2.8.jar:2.2.8]
      	at javax.faces.component.UIComponentBase.encodeChildren(UIComponentBase.java:889) [jboss-jsf-api_2.2_spec-2.2.8.jar:2.2.8]
      	at javax.faces.component.UIComponent.encodeAll(UIComponent.java:1856) [jboss-jsf-api_2.2_spec-2.2.8.jar:2.2.8]
      	at javax.faces.component.UIComponent.encodeAll(UIComponent.java:1859) [jboss-jsf-api_2.2_spec-2.2.8.jar:2.2.8]
      	at javax.faces.component.UIComponent.encodeAll(UIComponent.java:1859) [jboss-jsf-api_2.2_spec-2.2.8.jar:2.2.8]
      	at com.sun.faces.application.view.FaceletViewHandlingStrategy.renderView(FaceletViewHandlingStrategy.java:456) [jsf-impl-2.2.8-jbossorg-1.jar:]
      	at com.sun.faces.application.view.MultiViewHandler.renderView(MultiViewHandler.java:133) [jsf-impl-2.2.8-jbossorg-1.jar:]
      	at javax.faces.application.ViewHandlerWrapper.renderView(ViewHandlerWrapper.java:337) [jboss-jsf-api_2.2_spec-2.2.8.jar:2.2.8]
      	at javax.faces.application.ViewHandlerWrapper.renderView(ViewHandlerWrapper.java:337) [jboss-jsf-api_2.2_spec-2.2.8.jar:2.2.8]
      	at javax.faces.application.ViewHandlerWrapper.renderView(ViewHandlerWrapper.java:337) [jboss-jsf-api_2.2_spec-2.2.8.jar:2.2.8]
      	at javax.faces.application.ViewHandlerWrapper.renderView(ViewHandlerWrapper.java:337) [jboss-jsf-api_2.2_spec-2.2.8.jar:2.2.8]
      	at com.sun.faces.lifecycle.RenderResponsePhase.execute(RenderResponsePhase.java:120) [jsf-impl-2.2.8-jbossorg-1.jar:]
      	at com.sun.faces.lifecycle.Phase.doPhase(Phase.java:101) [jsf-impl-2.2.8-jbossorg-1.jar:]
      	at com.sun.faces.lifecycle.LifecycleImpl.render(LifecycleImpl.java:219) [jsf-impl-2.2.8-jbossorg-1.jar:]
      	at org.apache.deltaspike.jsf.impl.listener.request.DeltaSpikeLifecycleWrapper.render(DeltaSpikeLifecycleWrapper.java:111) [deltaspike-jsf-module-impl-1.0.3.jar:1.0.3]
      	at javax.faces.lifecycle.LifecycleWrapper.render(LifecycleWrapper.java:92) [jboss-jsf-api_2.2_spec-2.2.8.jar:2.2.8]
      	at javax.faces.webapp.FacesServlet.service(FacesServlet.java:647) [jboss-jsf-api_2.2_spec-2.2.8.jar:2.2.8]
      	at io.undertow.servlet.handlers.ServletHandler.handleRequest(ServletHandler.java:85) [undertow-servlet-1.1.0.Final.jar:1.1.0.Final]
      	at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:130) [undertow-servlet-1.1.0.Final.jar:1.1.0.Final]
      	at io.undertow.websockets.jsr.JsrWebSocketFilter.doFilter(JsrWebSocketFilter.java:129) [undertow-websockets-jsr-1.1.0.Final.jar:1.1.0.Final]
      	at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:60) [undertow-servlet-1.1.0.Final.jar:1.1.0.Final]
      	at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:132) [undertow-servlet-1.1.0.Final.jar:1.1.0.Final]
      	at io.undertow.servlet.handlers.FilterHandler.handleRequest(FilterHandler.java:85) [undertow-servlet-1.1.0.Final.jar:1.1.0.Final]
      	at io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:61) [undertow-servlet-1.1.0.Final.jar:1.1.0.Final]
      	at io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36) [undertow-servlet-1.1.0.Final.jar:1.1.0.Final]
      	at org.wildfly.extension.undertow.security.SecurityContextAssociationHandler.handleRequest(SecurityContextAssociationHandler.java:78)
      	at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) [undertow-core-1.1.0.Final.jar:1.1.0.Final]
      	at io.undertow.servlet.handlers.security.SSLInformationAssociationHandler.handleRequest(SSLInformationAssociationHandler.java:131) [undertow-servlet-1.1.0.Final.jar:1.1.0.Final]
      	at io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:56) [undertow-servlet-1.1.0.Final.jar:1.1.0.Final]
      	at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) [undertow-core-1.1.0.Final.jar:1.1.0.Final]
      	at io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:45) [undertow-core-1.1.0.Final.jar:1.1.0.Final]
      	at io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:63) [undertow-servlet-1.1.0.Final.jar:1.1.0.Final]
      	at io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:58) [undertow-core-1.1.0.Final.jar:1.1.0.Final]
      	at io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:70) [undertow-servlet-1.1.0.Final.jar:1.1.0.Final]
      	at io.undertow.security.handlers.SecurityInitialHandler.handleRequest(SecurityInitialHandler.java:76) [undertow-core-1.1.0.Final.jar:1.1.0.Final]
      	at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) [undertow-core-1.1.0.Final.jar:1.1.0.Final]
      	at org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61)
      	at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) [undertow-core-1.1.0.Final.jar:1.1.0.Final]
      	at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) [undertow-core-1.1.0.Final.jar:1.1.0.Final]
      	at io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:261) [undertow-servlet-1.1.0.Final.jar:1.1.0.Final]
      	at io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:247) [undertow-servlet-1.1.0.Final.jar:1.1.0.Final]
      	at io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:76) [undertow-servlet-1.1.0.Final.jar:1.1.0.Final]
      	at io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:166) [undertow-servlet-1.1.0.Final.jar:1.1.0.Final]
      	at io.undertow.server.Connectors.executeRootHandler(Connectors.java:197) [undertow-core-1.1.0.Final.jar:1.1.0.Final]
      	at io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:759) [undertow-core-1.1.0.Final.jar:1.1.0.Final]
      	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) [rt.jar:1.8.0_20]
      	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) [rt.jar:1.8.0_20]
      	at java.lang.Thread.run(Thread.java:745) [rt.jar:1.8.0_20]
      Caused by: org.picketlink.idm.IdentityManagementException: PLIDM000501: Could not query IdentityType using query [org.picketlink.idm.query.internal.DefaultIdentityQuery@6c8065e4].
      	at org.picketlink.idm.ldap.internal.LDAPIdentityStore.fetchQueryResults(LDAPIdentityStore.java:231) [picketlink-idm-impl-2.7.0.CR3.jar:]
      	at org.picketlink.idm.query.internal.DefaultIdentityQuery.getResultList(DefaultIdentityQuery.java:189) [picketlink-idm-impl-2.7.0.CR3.jar:]
      	... 56 more
      Caused by: javax.naming.directory.InvalidSearchFilterException: Missing 'equals'; remaining name 'CN=Users,DC=IGCDEV,DC=COM'
      	at com.sun.jndi.ldap.Filter.encodeSimpleFilter(Filter.java:330) [rt.jar:1.8.0_20]
      	at com.sun.jndi.ldap.Filter.encodeFilter(Filter.java:146) [rt.jar:1.8.0_20]
      	at com.sun.jndi.ldap.Filter.encodeFilterList(Filter.java:741) [rt.jar:1.8.0_20]
      	at com.sun.jndi.ldap.Filter.encodeComplexFilter(Filter.java:657) [rt.jar:1.8.0_20]
      	at com.sun.jndi.ldap.Filter.encodeFilter(Filter.java:104) [rt.jar:1.8.0_20]
      	at com.sun.jndi.ldap.Filter.encodeFilterString(Filter.java:74) [rt.jar:1.8.0_20]
      	at com.sun.jndi.ldap.LdapClient.search(LdapClient.java:548) [rt.jar:1.8.0_20]
      	at com.sun.jndi.ldap.LdapCtx.doSearch(LdapCtx.java:1985) [rt.jar:1.8.0_20]
      	at com.sun.jndi.ldap.LdapCtx.searchAux(LdapCtx.java:1844) [rt.jar:1.8.0_20]
      	at com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1769) [rt.jar:1.8.0_20]
      	at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_search(ComponentDirContext.java:392) [rt.jar:1.8.0_20]
      	at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:358) [rt.jar:1.8.0_20]
      	at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:341) [rt.jar:1.8.0_20]
      	at javax.naming.directory.InitialDirContext.search(InitialDirContext.java:267) [rt.jar:1.8.0_20]
      	at javax.naming.directory.InitialDirContext.search(InitialDirContext.java:267) [rt.jar:1.8.0_20]
      	at org.picketlink.idm.ldap.internal.LDAPOperationManager$2.execute(LDAPOperationManager.java:210) [picketlink-idm-impl-2.7.0.CR3.jar:]
      	at org.picketlink.idm.ldap.internal.LDAPOperationManager$2.execute(LDAPOperationManager.java:207) [picketlink-idm-impl-2.7.0.CR3.jar:]
      	at org.picketlink.idm.ldap.internal.LDAPOperationManager.execute(LDAPOperationManager.java:609) [picketlink-idm-impl-2.7.0.CR3.jar:]
      	at org.picketlink.idm.ldap.internal.LDAPOperationManager.search(LDAPOperationManager.java:207) [picketlink-idm-impl-2.7.0.CR3.jar:]
      	at org.picketlink.idm.ldap.internal.LDAPIdentityStore.fetchQueryResults(LDAPIdentityStore.java:222) [picketlink-idm-impl-2.7.0.CR3.jar:]
      	... 57 more
      

              psilva@redhat.com Pedro Igor Craveiro
              rdicroce Richard DiCroce (Inactive)
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

                Created:
                Updated:
                Resolved: