Loading...

XML

Word

Printable

Details

Type: Bug
Resolution: Done
Priority: Major
Fix Version/s: JBossSecurity_2.0.4.SP4, PicketBox_v3_0_beta6
Affects Version/s: JBossSecurity_2.0.4.SP1, PicketBox_v3_0_beta5
Component/s: None
Labels:
None

Steps to Reproduce:

Hide

Attempt to use LdapExtLoginModule with bindCredential not present in the configuration.

Show
Attempt to use LdapExtLoginModule with bindCredential not present in the configuration.
Workaround Description:

Hide

Adding an empty string for the bindCredential but leaving bindDN not present may work, if the LDAP simply ignores any credentials when the user isn't set.

Show
Adding an empty string for the bindCredential but leaving bindDN not present may work, if the LDAP simply ignores any credentials when the user isn't set.

Description

LdapExtLoginModule got changed for ~~SECURITY-422~~ to allow external commands to be run by prefixing the credential with

{EXT}. It doesn't check for null first which breaks support for anonymous login added in ~~JBAS-3555~~.

The trivial fix is to change the following line in LdapExtLoginModule.createLdapInitContext()
if (this.bindCredential.startsWith("{EXT}

"))
to
if (this.bindCredential != null && this.bindCredential.startsWith("

{EXT}

"))

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending
- Thumbnails
- List
- Download All

SECURITY-513.patch
0.8 kB
2010/06/16 2:43 AM

Activity

People

Assignee:: Marcus Moyses (Inactive)

Reporter:: James Livingston (Inactive)

Votes:: 0 Vote for this issue

Watchers:: 0 Start watching this issue

Dates

Created:: 2010/06/08 9:45 PM

Updated:: 2010/07/06 2:31 PM

Resolved:: 2010/07/06 2:30 PM