Jetty
  1. Jetty
  2. JETTY-663

AbstractDatabaseLoginModule doesn't react gracefully when getting UserInfo and userName is not found in the specified dbUserTable

    Details

    • Number of attachments :
      0

      Description

      I'm using JAAS with a DataSourceLoginModule for authentication and in the case when a username is not to be found in the database a NullPointerException is thrown by Credential.getCredential as AbstractDataBaseLoginModule passes the null value (for dbCredential) to it - and it in turn tries to determine the crypt type.

      I'm sure there is a more elegant way to deal with this situation.

      My stack trace:

      java.lang.NullPointerException
      at org.mortbay.jetty.security.Credential.getCredential(Credential.java:60)
      at org.mortbay.jetty.plus.jaas.spi.AbstractDatabaseLoginModule.getUserInfo(AbstractDatabaseLoginModule.java:103)
      at org.mortbay.jetty.plus.jaas.spi.AbstractLoginModule.login(AbstractLoginModule.java:233)
      at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
      at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
      at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
      at java.lang.reflect.Method.invoke(Unknown Source)
      at javax.security.auth.login.LoginContext.invoke(Unknown Source)
      at javax.security.auth.login.LoginContext.access$000(Unknown Source)
      at javax.security.auth.login.LoginContext$4.run(Unknown Source)
      at java.security.AccessController.doPrivileged(Native Method)
      at javax.security.auth.login.LoginContext.invokePriv(Unknown Source)
      at javax.security.auth.login.LoginContext.login(Unknown Source)
      at org.mortbay.jetty.plus.jaas.JAASUserRealm.authenticate(JAASUserRealm.java:231)
      at org.mortbay.jetty.security.BasicAuthenticator.authenticate(BasicAuthenticator.java:62)
      at org.mortbay.jetty.security.SecurityHandler.check(SecurityHandler.java:441)
      at org.mortbay.jetty.security.SecurityHandler.checkSecurityConstraints(SecurityHandler.java:269)
      at org.mortbay.jetty.security.SecurityHandler.handle(SecurityHandler.java:191)

        Activity

        David Yu made changes -
        Field Original Value New Value
        Assignee David Yu [ dyu ]
        Hide
        David Yu added a comment -

        Fixed in trunk (jetty6 and jetty7)
        AbstractLoginModule.login() will return false if its the case.

        Show
        David Yu added a comment - Fixed in trunk (jetty6 and jetty7) AbstractLoginModule.login() will return false if its the case.
        David Yu made changes -
        Status Open [ 1 ] Resolved [ 5 ]
        Fix Version/s 7.0.0 [ 14176 ]
        Fix Version/s 6.1.12 [ 14380 ]
        Fix Version/s 7.0.0pre3 [ 14417 ]
        Resolution Fixed [ 1 ]
        Jesse McConnell made changes -
        Fix Version/s 6.1.12 [ 14380 ]
        Fix Version/s 7.0.0 [ 14176 ]
        Fix Version/s 6.1.12rc1 [ 14480 ]

          People

          • Assignee:
            David Yu
            Reporter:
            Marinó A. Jónsson
          • Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved: