Bug
Resolution: Unresolved
Major
None
Negotiation_3_0_6_Final
None
Undefined
It is possible to trigger an NPE during a failed authentication attempt.
2021-05-07 11:51:57,913 DEBUG [org.jboss.security] (default task-262) PBOX00206: Login failure: javax.security.auth.login.LoginException: java.lang.NullPointerException
at org.jboss.security.negotiation.spnego.SPNEGOLoginModule.login(SPNEGOLoginModule.java:189)
at sun.reflect.GeneratedMethodAccessor412.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at javax.security.auth.login.LoginContext.invoke(Login
This is the following block of code:
    if( ((NegTokenTarg)negotiationContext.getResponseMessage()).getNegResult() != NegTokenTarg.REJECTED )
    {
        log.debug("NegotiationContext.setContinuationRequired(true)");
        negotiationContext.setContinuationRequired(true);
    }
It may be that we have a different message type that should have been available here, but if this is a failed authentication anyway, detecting null should be sufficient.
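One way to write the null check suggested above, as an added example that is not the project's code. The three nested types are minimal stand-ins that mirror only the calls in the snippet; `updateContinuation`, the value of `REJECTED`, and the choice to treat a response of another type the same as a missing one are assumptions.

```java
// Added illustration. NegotiationMessage, NegTokenTarg and NegotiationContext are
// hypothetical stand-ins for the real classes, reduced to the calls used in the snippet.
public class NullSafeContinuationCheck {
    interface NegotiationMessage {}

    static final class NegTokenTarg implements NegotiationMessage {
        static final int REJECTED = 3; // constructed value for this sketch
        private final int negResult;
        NegTokenTarg(int negResult) { this.negResult = negResult; }
        int getNegResult() { return negResult; }
    }

    static final class NegotiationContext {
        private NegotiationMessage responseMessage;
        private boolean continuationRequired;
        NegotiationMessage getResponseMessage() { return responseMessage; }
        void setResponseMessage(NegotiationMessage m) { responseMessage = m; }
        boolean isContinuationRequired() { return continuationRequired; }
        void setContinuationRequired(boolean b) { continuationRequired = b; }
    }

    // Ask for another round trip only when a NegTokenTarg response exists and is not
    // REJECTED. A missing response, or one of another type, leaves the attempt as an
    // ordinary failed login instead of throwing from the login path.
    static void updateContinuation(NegotiationContext ctx) {
        NegotiationMessage response = ctx.getResponseMessage();
        if (response instanceof NegTokenTarg // instanceof is false for null
                && ((NegTokenTarg) response).getNegResult() != NegTokenTarg.REJECTED) {
            ctx.setContinuationRequired(true);
        }
    }

    static boolean check(NegotiationMessage response) {
        NegotiationContext ctx = new NegotiationContext();
        ctx.setResponseMessage(response);
        updateContinuation(ctx);
        return ctx.isContinuationRequired();
    }

    public static void main(String[] args) {
        // Constructed inputs: no response at all, a rejected token, a non-rejected token.
        System.out.println("no response  -> continuation=" + check(null));
        System.out.println("rejected     -> continuation=" + check(new NegTokenTarg(NegTokenTarg.REJECTED)));
        System.out.println("not rejected -> continuation=" + check(new NegTokenTarg(2)));
    }
}
```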