AbstractDatabaseLoginModule doesn't react gracefully when getting UserInfo and userName is not found in the specified dbUserTable

Details

Type: Bug
Status: Resolved
Priority: Major
Resolution: Fixed
Affects Version/s: 6.1.11
Fix Version/s: 7.0.0pre3, 6.1.12rc1
Component/s: Security and SSL
Labels:
None

Number of attachments :
0

Description

I'm using JAAS with a DataSourceLoginModule for authentication and in the case when a username is not to be found in the database a NullPointerException is thrown by Credential.getCredential as AbstractDataBaseLoginModule passes the null value (for dbCredential) to it - and it in turn tries to determine the crypt type.

I'm sure there is a more elegant way to deal with this situation.

My stack trace:

java.lang.NullPointerException
at org.mortbay.jetty.security.Credential.getCredential(Credential.java:60)
at org.mortbay.jetty.plus.jaas.spi.AbstractDatabaseLoginModule.getUserInfo(AbstractDatabaseLoginModule.java:103)
at org.mortbay.jetty.plus.jaas.spi.AbstractLoginModule.login(AbstractLoginModule.java:233)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
at java.lang.reflect.Method.invoke(Unknown Source)
at javax.security.auth.login.LoginContext.invoke(Unknown Source)
at javax.security.auth.login.LoginContext.access$000(Unknown Source)
at javax.security.auth.login.LoginContext$4.run(Unknown Source)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.login.LoginContext.invokePriv(Unknown Source)
at javax.security.auth.login.LoginContext.login(Unknown Source)
at org.mortbay.jetty.plus.jaas.JAASUserRealm.authenticate(JAASUserRealm.java:231)
at org.mortbay.jetty.security.BasicAuthenticator.authenticate(BasicAuthenticator.java:62)
at org.mortbay.jetty.security.SecurityHandler.check(SecurityHandler.java:441)
at org.mortbay.jetty.security.SecurityHandler.checkSecurityConstraints(SecurityHandler.java:269)
at org.mortbay.jetty.security.SecurityHandler.handle(SecurityHandler.java:191)

Activity

Ascending order - Click to sort in descending order

David Yu made changes - 30/Jul/08 11:22 PM

Field	Original Value	New Value
Assignee		David Yu [ dyu ]

Hide

Permalink

David Yu added a comment - 30/Jul/08 11:47 PM

Fixed in trunk (jetty6 and jetty7)
AbstractLoginModule.login() will return false if its the case.

Show

David Yu added a comment - 30/Jul/08 11:47 PM Fixed in trunk (jetty6 and jetty7) AbstractLoginModule.login() will return false if its the case.

David Yu made changes - 30/Jul/08 11:47 PM

Status	Open [ 1 ]	Resolved [ 5 ]
Fix Version/s		7.0.0 [ 14176 ]
Fix Version/s		6.1.12 [ 14380 ]
Fix Version/s		7.0.0pre3 [ 14417 ]
Resolution		Fixed [ 1 ]

Jesse McConnell made changes - 01/Aug/08 9:28 AM

Fix Version/s	6.1.12 [ 14380 ]
Fix Version/s	7.0.0 [ 14176 ]
Fix Version/s		6.1.12rc1 [ 14480 ]

People

Assignee:

David Yu

Reporter:

Marin� A. J�nsson

Vote (0)

Watch (0)

Dates

Created:

28/Jul/08 6:15 PM

Updated:

01/Aug/08 9:28 AM

Resolved:

30/Jul/08 11:47 PM