David Cole created SHIRO-525:
--------------------------------

             Summary: When no user name is provided, JndiRealm causes an IllegalStateException to be thrown
                 Key: SHIRO-525
                 URL: https://issues.apache.org/jira/browse/SHIRO-525
             Project: Shiro
          Issue Type: Bug
          Components: Realms 
    Affects Versions: 1.2.2
            Reporter: David Cole
            Priority: Minor


We are using NTLM authentication with Waffle using a filter. If Waffle can't 
succeed at the integrated authentication, a form is provided. When the 
integrated auth fails, it is typically because the user is not part of the 
domain. As a result, there is no username discovered/provided. When this 
occurs, Shiro is throwing an IllegalStateException as shown in the stacktrace 
below. By throwing an IllegalStateException, the normal flow of error handling 
is bypassed and the unchecked exception propagates out of the servlet, 
improperly generating a server error instead of a standard 
AuthenticationException. If a principal is not provided, a warning/error can be 
logged, but the framework should generate the standard AuthenticationException 
forcing the client to be challenged to reauthenticate.


{noformat}
16 Jan 2015 14:48:15,872 [] - Realm [org.apache.shiro.realm.ldap.JndiLdapRealm@3630843] threw an exception during a multi-realm authentication attempt:
java.lang.IllegalArgumentException: principal argument cannot be null.
	at org.apache.shiro.subject.SimplePrincipalCollection.add(SimplePrincipalCollection.java:104)
	at org.apache.shiro.subject.SimplePrincipalCollection.<init>(SimplePrincipalCollection.java:59)
	at org.apache.shiro.authc.SimpleAuthenticationInfo.<init>(SimpleAuthenticationInfo.java:74)
	at org.apache.shiro.realm.ldap.JndiLdapRealm.createAuthenticationInfo(JndiLdapRealm.java:412)
	at org.apache.shiro.realm.ldap.JndiLdapRealm.queryForAuthenticationInfo(JndiLdapRealm.java:377)
	at org.apache.shiro.realm.ldap.JndiLdapRealm.doGetAuthenticationInfo(JndiLdapRealm.java:295)
	at org.apache.shiro.realm.AuthenticatingRealm.getAuthenticationInfo(AuthenticatingRealm.java:568)
	at org.apache.shiro.authc.pam.ModularRealmAuthenticator.doMultiRealmAuthentication(ModularRealmAuthenticator.java:219)
	at org.apache.shiro.authc.pam.ModularRealmAuthenticator.doAuthenticate(ModularRealmAuthenticator.java:269)
	at org.apache.shiro.authc.AbstractAuthenticator.authenticate(AbstractAuthenticator.java:198)
	at org.apache.shiro.mgt.AuthenticatingSecurityManager.authenticate(AuthenticatingSecurityManager.java:106)
	at org.apache.shiro.mgt.DefaultSecurityManager.login(DefaultSecurityManager.java:270)
	at org.apache.shiro.subject.support.DelegatingSubject.login(DelegatingSubject.java:256)
	at org.apache.shiro.web.filter.authc.AuthenticatingFilter.executeLogin(AuthenticatingFilter.java:53)
	at waffle.shiro.negotiate.NegotiateAuthenticationFilter.onAccessDenied(NegotiateAuthenticationFilter.java:168)
{noformat}
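One application-side mitigation while the realm itself is unfixed, as an added example that is not part of the report or of Shiro's own code: a realm subclass (hypothetical name) that rejects an absent or empty principal with a standard AuthenticationException before the LDAP lookup, and converts any IllegalArgumentException escaping the base class into one as well, so the filter's normal failure handling (re-challenge) runs instead of a server error.

```java
// Added example with a hypothetical class name; not from the report or from Shiro.
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.UnknownAccountException;
import org.apache.shiro.realm.ldap.JndiLdapRealm;

/**
 * LDAP realm that refuses to proceed when the token carries no principal.
 * In the report, JndiLdapRealm 1.2.2 reaches SimpleAuthenticationInfo with a null
 * principal and the resulting IllegalArgumentException escapes the normal
 * AuthenticationException failure path of the filter.
 */
public class PrincipalCheckingLdapRealm extends JndiLdapRealm {

    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token)
            throws AuthenticationException {
        Object principal = (token == null) ? null : token.getPrincipal();
        if (principal == null || principal.toString().trim().isEmpty()) {
            // A checked AuthenticationException keeps the framework's normal handling:
            // the login fails, the client is re-challenged, and no 500 is produced.
            // It also keeps an empty principal from ever reaching the directory.
            throw new UnknownAccountException(
                    "LDAP realm received no principal (integrated auth produced no user)");
        }
        try {
            return super.doGetAuthenticationInfo(token);
        } catch (IllegalArgumentException e) {
            // Defence in depth: translate any remaining argument failure raised while
            // the base realm builds its AuthenticationInfo into the standard failure type.
            throw new AuthenticationException(
                    "LDAP realm could not build authentication info", e);
        }
    }
}
```

Register the subclass in place of JndiLdapRealm in shiro.ini (or the equivalent bean configuration) so the check applies to every LDAP login attempt, including the Waffle fallback path shown in the trace.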



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)