Uploaded image for project: 'PicketBox '
  1. PicketBox
  2. SECURITY-912

LdapExtLoginModule fails to load roles when a Custom Principal is specified

    XMLWordPrintable

Details

    Description

      LdapExtLoginModule.addRole(String) calls:
      super.createIdentity(roleName);

      This attempts to get the current context classloader for the current thread. Unfortunately, this fails as the context classloader is null.

      The callchain is:
      createLdapInitContext->rolesSearch->addRole

      Lines 432 and 433 of LdapExtLoginModule are:
      if (currentTCCL != null)
      SecurityActions.setContextClassLoader(null);

      This clears the classloader, so the principal class cannot be loaded.

      Attachments

        Issue Links

          is incorporated by

          Component Upgrade - A task tracking an update to a bundled component or revision of component upstream of the project. JBEAP-1967 (7.0.z) Upgrade PicketBox from 4.9.7 to 4.9.4.Final

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Closed
          is related to

          Bug - A problem that impairs or prevents the functions of the product. SECURITY-754 LdapExtLoginModule fails with follow referral

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Resolved

          Bug - A problem that impairs or prevents the functions of the product. WFLY-808 LdapExtLoginModule fails with follow referral

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Closed

          Activity

            People

              sguilhen Stefan Guilhen
              jsightle@redhat.com Jess Sightler
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: