-
Bug
-
Resolution: Done
-
Critical
-
None
-
None
In case when Principal with null name is used in chain of org.wildfly.extension.elytron.capabilities.PrincipalTransformer then this method throw NullPointerException which is hidden to user due to JBEAP-9625.
This issue can be simply reproduced by using regex-validating-principal-transformer and user which does not match given pattern. Then Principal name is set to null which results to following NPE:
java.lang.NullPointerException: java.util.regex.Matcher.getTextLength(Matcher.java:1283) java.util.regex.Matcher.reset(Matcher.java:309) java.util.regex.Matcher.<init>(Matcher.java:229) java.util.regex.Pattern.matcher(Pattern.java:1093) org.wildfly.security.auth.util.RegexNameRewriter.rewriteName(RegexNameRewriter.java:55) org.wildfly.security.auth.server.NameRewriter.lambda$asPrincipalRewriter$1(NameRewriter.java:63) org.wildfly.extension.elytron.capabilities.PrincipalTransformer.lambda$chain$1(PrincipalTransformer.java:64) ...
Since there is no related documentation or javadoc it is also possible that issue is rather in regex-validating-principal-transformer which could set Principal to null instead of Principal name to null. It must be clarified by engineering.
- clones
-
JBEAP-9626 Principal with null name causes hidden NPE for chained-principal-transformer
- Closed