Uploaded image for project: 'PicketBox '
  1. PicketBox
  2. SECURITY-912

LdapExtLoginModule fails to load roles when a Custom Principal is specified

    Details

      Description

      LdapExtLoginModule.addRole(String) calls:
      super.createIdentity(roleName);

      This attempts to get the current context classloader for the current thread. Unfortunately, this fails as the context classloader is null.

      The callchain is:
      createLdapInitContext->rolesSearch->addRole

      Lines 432 and 433 of LdapExtLoginModule are:
      if (currentTCCL != null)
      SecurityActions.setContextClassLoader(null);

      This clears the classloader, so the principal class cannot be loaded.

        Gliffy Diagrams

          Attachments

            Issue Links

              Activity

                People

                • Assignee:
                  sguilhen Stefan Guilhen
                  Reporter:
                  jsightler Jesse Sightler
                • Votes:
                  0 Vote for this issue
                  Watchers:
                  3 Start watching this issue

                  Dates

                  • Created:
                    Updated:
                    Resolved: