Uploaded image for project: 'PicketLink'
  1. PicketLink
  2. PLINK-675

LDAP query fails if there are no filters

    XMLWordPrintable

Details

    • Bug
    • Resolution: Done
    • Major
    • PLINK_2.7.0.Final
    • PLINK_2.7.0.CR3
    • IDM
    • None

    Description

      Attempting to run an IdentityQuery with no filters on an LDAP store fails with the below exception if no object classes are specified in the mapping configuration.

      The problem appears to be in LDAPIdentityStore#createIdentityTypeSearchFilter, specifically line 551. It's currently checking if ldapEntryConfig is not null, but it's not possible for ldapEntryConfig to be null at that point. createIdentityTypeSearchFilter is only called from fetchQueryResults, which obtains ldapEntryConfig from getMappingConfig, and getMappingConfig throws an exception if it would return null.

      So the line should probably be checking if !ldapEntryConfig.getObjectClasses().isEmpty() instead, which should result in the correct behavior.

      17:46:46,899 FATAL [javax.enterprise.resource.webcontainer.jsf.context] (default task-58) PLIDM000501: Could not query IdentityType using query [org.picketlink.idm.query.internal.DefaultIdentityQuery@6c8065e4].: org.picketlink.idm.IdentityManagementException: PLIDM000501: Could not query IdentityType using query [org.picketlink.idm.query.internal.DefaultIdentityQuery@6c8065e4].
	at org.picketlink.idm.query.internal.DefaultIdentityQuery.getResultList(DefaultIdentityQuery.java:200) [picketlink-idm-impl-2.7.0.CR3.jar:]
	at com.sg.song.nms.security.ui.UserSearchable.executeQuery(UserSearchable.java:72) [classes:]
	at com.lapis.jsf.framework.ui.component.LazyLoadModel.load(LazyLoadModel.java:67) [framework-jsf-1.0.0-SNAPSHOT.jar:]
	at com.lapis.jsf.framework.ui.component.LazyLoadModel.load(LazyLoadModel.java:39) [framework-jsf-1.0.0-SNAPSHOT.jar:]
	at org.primefaces.component.datatable.DataTable.loadLazyData(DataTable.java:841) [primefaces-5.1.jar:5.1]
	at org.primefaces.component.datatable.DataTableRenderer.preRender(DataTableRenderer.java:95) [primefaces-5.1.jar:5.1]
	at org.primefaces.component.datatable.DataTableRenderer.encodeEnd(DataTableRenderer.java:83) [primefaces-5.1.jar:5.1]
	at javax.faces.component.UIComponentBase.encodeEnd(UIComponentBase.java:919) [jboss-jsf-api_2.2_spec-2.2.8.jar:2.2.8]
	at javax.faces.component.UIComponent.encodeAll(UIComponent.java:1863) [jboss-jsf-api_2.2_spec-2.2.8.jar:2.2.8]
	at javax.faces.render.Renderer.encodeChildren(Renderer.java:176) [jboss-jsf-api_2.2_spec-2.2.8.jar:2.2.8]
	at javax.faces.component.UIComponentBase.encodeChildren(UIComponentBase.java:889) [jboss-jsf-api_2.2_spec-2.2.8.jar:2.2.8]
	at javax.faces.component.UIComponent.encodeAll(UIComponent.java:1856) [jboss-jsf-api_2.2_spec-2.2.8.jar:2.2.8]
	at javax.faces.component.UIComponent.encodeAll(UIComponent.java:1859) [jboss-jsf-api_2.2_spec-2.2.8.jar:2.2.8]
	at javax.faces.component.UIComponent.encodeAll(UIComponent.java:1859) [jboss-jsf-api_2.2_spec-2.2.8.jar:2.2.8]
	at com.sun.faces.application.view.FaceletViewHandlingStrategy.renderView(FaceletViewHandlingStrategy.java:456) [jsf-impl-2.2.8-jbossorg-1.jar:]
	at com.sun.faces.application.view.MultiViewHandler.renderView(MultiViewHandler.java:133) [jsf-impl-2.2.8-jbossorg-1.jar:]
	at javax.faces.application.ViewHandlerWrapper.renderView(ViewHandlerWrapper.java:337) [jboss-jsf-api_2.2_spec-2.2.8.jar:2.2.8]
	at javax.faces.application.ViewHandlerWrapper.renderView(ViewHandlerWrapper.java:337) [jboss-jsf-api_2.2_spec-2.2.8.jar:2.2.8]
	at javax.faces.application.ViewHandlerWrapper.renderView(ViewHandlerWrapper.java:337) [jboss-jsf-api_2.2_spec-2.2.8.jar:2.2.8]
	at javax.faces.application.ViewHandlerWrapper.renderView(ViewHandlerWrapper.java:337) [jboss-jsf-api_2.2_spec-2.2.8.jar:2.2.8]
	at com.sun.faces.lifecycle.RenderResponsePhase.execute(RenderResponsePhase.java:120) [jsf-impl-2.2.8-jbossorg-1.jar:]
	at com.sun.faces.lifecycle.Phase.doPhase(Phase.java:101) [jsf-impl-2.2.8-jbossorg-1.jar:]
	at com.sun.faces.lifecycle.LifecycleImpl.render(LifecycleImpl.java:219) [jsf-impl-2.2.8-jbossorg-1.jar:]
	at org.apache.deltaspike.jsf.impl.listener.request.DeltaSpikeLifecycleWrapper.render(DeltaSpikeLifecycleWrapper.java:111) [deltaspike-jsf-module-impl-1.0.3.jar:1.0.3]
	at javax.faces.lifecycle.LifecycleWrapper.render(LifecycleWrapper.java:92) [jboss-jsf-api_2.2_spec-2.2.8.jar:2.2.8]
	at javax.faces.webapp.FacesServlet.service(FacesServlet.java:647) [jboss-jsf-api_2.2_spec-2.2.8.jar:2.2.8]
	at io.undertow.servlet.handlers.ServletHandler.handleRequest(ServletHandler.java:85) [undertow-servlet-1.1.0.Final.jar:1.1.0.Final]
	at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:130) [undertow-servlet-1.1.0.Final.jar:1.1.0.Final]
	at io.undertow.websockets.jsr.JsrWebSocketFilter.doFilter(JsrWebSocketFilter.java:129) [undertow-websockets-jsr-1.1.0.Final.jar:1.1.0.Final]
	at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:60) [undertow-servlet-1.1.0.Final.jar:1.1.0.Final]
	at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:132) [undertow-servlet-1.1.0.Final.jar:1.1.0.Final]
	at io.undertow.servlet.handlers.FilterHandler.handleRequest(FilterHandler.java:85) [undertow-servlet-1.1.0.Final.jar:1.1.0.Final]
	at io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:61) [undertow-servlet-1.1.0.Final.jar:1.1.0.Final]
	at io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36) [undertow-servlet-1.1.0.Final.jar:1.1.0.Final]
	at org.wildfly.extension.undertow.security.SecurityContextAssociationHandler.handleRequest(SecurityContextAssociationHandler.java:78)
	at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) [undertow-core-1.1.0.Final.jar:1.1.0.Final]
	at io.undertow.servlet.handlers.security.SSLInformationAssociationHandler.handleRequest(SSLInformationAssociationHandler.java:131) [undertow-servlet-1.1.0.Final.jar:1.1.0.Final]
	at io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:56) [undertow-servlet-1.1.0.Final.jar:1.1.0.Final]
	at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) [undertow-core-1.1.0.Final.jar:1.1.0.Final]
	at io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:45) [undertow-core-1.1.0.Final.jar:1.1.0.Final]
	at io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:63) [undertow-servlet-1.1.0.Final.jar:1.1.0.Final]
	at io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:58) [undertow-core-1.1.0.Final.jar:1.1.0.Final]
	at io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:70) [undertow-servlet-1.1.0.Final.jar:1.1.0.Final]
	at io.undertow.security.handlers.SecurityInitialHandler.handleRequest(SecurityInitialHandler.java:76) [undertow-core-1.1.0.Final.jar:1.1.0.Final]
	at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) [undertow-core-1.1.0.Final.jar:1.1.0.Final]
	at org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61)
	at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) [undertow-core-1.1.0.Final.jar:1.1.0.Final]
	at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) [undertow-core-1.1.0.Final.jar:1.1.0.Final]
	at io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:261) [undertow-servlet-1.1.0.Final.jar:1.1.0.Final]
	at io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:247) [undertow-servlet-1.1.0.Final.jar:1.1.0.Final]
	at io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:76) [undertow-servlet-1.1.0.Final.jar:1.1.0.Final]
	at io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:166) [undertow-servlet-1.1.0.Final.jar:1.1.0.Final]
	at io.undertow.server.Connectors.executeRootHandler(Connectors.java:197) [undertow-core-1.1.0.Final.jar:1.1.0.Final]
	at io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:759) [undertow-core-1.1.0.Final.jar:1.1.0.Final]
	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) [rt.jar:1.8.0_20]
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) [rt.jar:1.8.0_20]
	at java.lang.Thread.run(Thread.java:745) [rt.jar:1.8.0_20]
Caused by: org.picketlink.idm.IdentityManagementException: PLIDM000501: Could not query IdentityType using query [org.picketlink.idm.query.internal.DefaultIdentityQuery@6c8065e4].
	at org.picketlink.idm.ldap.internal.LDAPIdentityStore.fetchQueryResults(LDAPIdentityStore.java:231) [picketlink-idm-impl-2.7.0.CR3.jar:]
	at org.picketlink.idm.query.internal.DefaultIdentityQuery.getResultList(DefaultIdentityQuery.java:189) [picketlink-idm-impl-2.7.0.CR3.jar:]
	... 56 more
Caused by: javax.naming.directory.InvalidSearchFilterException: Missing 'equals'; remaining name 'CN=Users,DC=IGCDEV,DC=COM'
	at com.sun.jndi.ldap.Filter.encodeSimpleFilter(Filter.java:330) [rt.jar:1.8.0_20]
	at com.sun.jndi.ldap.Filter.encodeFilter(Filter.java:146) [rt.jar:1.8.0_20]
	at com.sun.jndi.ldap.Filter.encodeFilterList(Filter.java:741) [rt.jar:1.8.0_20]
	at com.sun.jndi.ldap.Filter.encodeComplexFilter(Filter.java:657) [rt.jar:1.8.0_20]
	at com.sun.jndi.ldap.Filter.encodeFilter(Filter.java:104) [rt.jar:1.8.0_20]
	at com.sun.jndi.ldap.Filter.encodeFilterString(Filter.java:74) [rt.jar:1.8.0_20]
	at com.sun.jndi.ldap.LdapClient.search(LdapClient.java:548) [rt.jar:1.8.0_20]
	at com.sun.jndi.ldap.LdapCtx.doSearch(LdapCtx.java:1985) [rt.jar:1.8.0_20]
	at com.sun.jndi.ldap.LdapCtx.searchAux(LdapCtx.java:1844) [rt.jar:1.8.0_20]
	at com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1769) [rt.jar:1.8.0_20]
	at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_search(ComponentDirContext.java:392) [rt.jar:1.8.0_20]
	at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:358) [rt.jar:1.8.0_20]
	at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:341) [rt.jar:1.8.0_20]
	at javax.naming.directory.InitialDirContext.search(InitialDirContext.java:267) [rt.jar:1.8.0_20]
	at javax.naming.directory.InitialDirContext.search(InitialDirContext.java:267) [rt.jar:1.8.0_20]
	at org.picketlink.idm.ldap.internal.LDAPOperationManager$2.execute(LDAPOperationManager.java:210) [picketlink-idm-impl-2.7.0.CR3.jar:]
	at org.picketlink.idm.ldap.internal.LDAPOperationManager$2.execute(LDAPOperationManager.java:207) [picketlink-idm-impl-2.7.0.CR3.jar:]
	at org.picketlink.idm.ldap.internal.LDAPOperationManager.execute(LDAPOperationManager.java:609) [picketlink-idm-impl-2.7.0.CR3.jar:]
	at org.picketlink.idm.ldap.internal.LDAPOperationManager.search(LDAPOperationManager.java:207) [picketlink-idm-impl-2.7.0.CR3.jar:]
	at org.picketlink.idm.ldap.internal.LDAPIdentityStore.fetchQueryResults(LDAPIdentityStore.java:222) [picketlink-idm-impl-2.7.0.CR3.jar:]
	... 57 more

      Attachments

        Activity

          People

            psilva@redhat.com Pedro Igor Craveiro
            rdicroce Richard DiCroce (Inactive)
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: