Details
-
Type:
Bug
-
Status:
Resolved
-
Priority:
Major
-
Resolution: Fixed
-
Affects Version/s: 6.1.11
-
Component/s: Security and SSL
-
Labels:None
-
Number of attachments :
Description
I'm using JAAS with a DataSourceLoginModule for authentication and in the case when a username is not to be found in the database a NullPointerException is thrown by Credential.getCredential as AbstractDataBaseLoginModule passes the null value (for dbCredential) to it - and it in turn tries to determine the crypt type.
I'm sure there is a more elegant way to deal with this situation.
My stack trace:
java.lang.NullPointerException
at org.mortbay.jetty.security.Credential.getCredential(Credential.java:60)
at org.mortbay.jetty.plus.jaas.spi.AbstractDatabaseLoginModule.getUserInfo(AbstractDatabaseLoginModule.java:103)
at org.mortbay.jetty.plus.jaas.spi.AbstractLoginModule.login(AbstractLoginModule.java:233)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
at java.lang.reflect.Method.invoke(Unknown Source)
at javax.security.auth.login.LoginContext.invoke(Unknown Source)
at javax.security.auth.login.LoginContext.access$000(Unknown Source)
at javax.security.auth.login.LoginContext$4.run(Unknown Source)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.login.LoginContext.invokePriv(Unknown Source)
at javax.security.auth.login.LoginContext.login(Unknown Source)
at org.mortbay.jetty.plus.jaas.JAASUserRealm.authenticate(JAASUserRealm.java:231)
at org.mortbay.jetty.security.BasicAuthenticator.authenticate(BasicAuthenticator.java:62)
at org.mortbay.jetty.security.SecurityHandler.check(SecurityHandler.java:441)
at org.mortbay.jetty.security.SecurityHandler.checkSecurityConstraints(SecurityHandler.java:269)
at org.mortbay.jetty.security.SecurityHandler.handle(SecurityHandler.java:191)