https://bz.apache.org/bugzilla/show_bug.cgi?id=65308
Bug ID: 65308
Summary: NPE in JNDIRealm when no userRoleAttribute is given
Product: Tomcat 10
Version: unspecified
Hardware: All
OS: All
Status: NEW
Severity: normal
Priority: P2
Component: Catalina
Assignee: dev@tomcat.apache.org
Reporter: felix.schumac...@internetallee.de
Target Milestone: ------
Created attachment 37863
--> https://bz.apache.org/bugzilla/attachment.cgi?id=37863&action=edit
Check for null values before escaping values
This is a regression in JNDIRealm caused by Bug 65224.
If no "userRoleAttribute" is specified on the JNDIRealm, its default value of
null will be used. That will cause a NPE in JNDIRealm#doFilterEscaping and/or
JNDIRealm#doAttributeValueEscaping.
Mai 15, 2021 2:10:59 PM org.apache.catalina.realm.JNDIRealm authenticate
INFORMATION: Exception performing authentication. Retrying...
java.lang.NullPointerException
at
org.apache.catalina.realm.JNDIRealm.doAttributeValueEscaping(JNDIRealm.java:2889)
at org.apache.catalina.realm.JNDIRealm.getRoles(JNDIRealm.java:1892)
at
org.apache.catalina.realm.JNDIRealm.authenticate(JNDIRealm.java:1320)
at
org.apache.catalina.realm.JNDIRealm.authenticate(JNDIRealm.java:1232)
Simplest solution is to return null in both escape methods, when null is passed
in.
The attached patch also adds the unbound-ldapsdk to the eclipse class path.
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
