Uploaded image for project: 'PicketBox '
  1. PicketBox
  2. SECURITY-1008

NullPointerException after failed authentication.

    XMLWordPrintable

Details

    • Bug
    • Resolution: Unresolved
    • Major
    • None
    • Negotiation_3_0_6_Final
    • Negotiation
    • None
    • Undefined

    Description

      It is possible to trigger a NPE during a failed authentication attempt.

      2021-05-07 11:51:57,913 DEBUG [org.jboss.security] (default task-262) PBOX00206: Login failure: javax.security.auth.login.LoginException: java.lang.NullPointerException
    at org.jboss.security.negotiation.spnego.SPNEGOLoginModule.login(SPNEGOLoginModule.java:189)
    at sun.reflect.GeneratedMethodAccessor412.invoke(Unknown Source)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke(Method.java:498)
    at javax.security.auth.login.LoginContext.invoke(Login

      This is the following block of code:

                 if( ((NegTokenTarg)negotiationContext.getResponseMessage()).getNegResult() != NegTokenTarg.REJECTED ) {
             log.debug("NegotiationContext.setContinuationRequired(true)");
             negotiationContext.setContinuationRequired(true);
           }

      It may be we have a different message type that should have been available here but if this is a failed authentication anyway detecting null should be sufficient.

      Attachments

        Activity

          People

            Unassigned Unassigned
            darran.lofthouse@redhat.com Darran Lofthouse
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

            Dates

              Created:
              Updated: