LdapIdentityStore throws NameNotFoundException when a role contains a forward 
slash
-----------------------------------------------------------------------------------

                 Key: SEAMSECURITY-19
                 URL: https://jira.jboss.org/browse/SEAMSECURITY-19
             Project: Seam Security
          Issue Type: Bug
         Environment: WebSphere Application Server 6.1, Seam 2.2.0.GA
            Reporter: Jeremiah Orr


When using LdapIdentityStore for the role-identity-store, if a user's LDAP 
entry contains a role with a forward slash (/), the following exception occurs:

javax.security.auth.login.LoginException: Failed to query roles
        at org.jboss.seam.security.jaas.SeamLoginModule.login(SeamLoginModule.java:141)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
[snip]
Caused by: org.jboss.seam.security.management.IdentityManagementException: Failed to query roles
        at org.jboss.seam.security.management.LdapIdentityStore.getGrantedRoles(LdapIdentityStore.java:903)
        at org.jboss.seam.security.management.LdapIdentityStore.getImpliedRoles(LdapIdentityStore.java:938)
        at org.jboss.seam.security.management.IdentityManager.getImpliedRoles(IdentityManager.java:254)
        at org.jboss.seam.security.jaas.SeamLoginModule.login(SeamLoginModule.java:130)
        ... 81 more
Caused by: javax.naming.NameNotFoundException: [LDAP: error code 32 - No Such Object]; Remaining name: 'cn=umg/somerole,dc=acme,dc=com'
        at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3078)
        at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2999)
        at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2806)
        at com.sun.jndi.ldap.LdapCtx.c_lookup(LdapCtx.java:1023)
        at com.sun.jndi.toolkit.ctx.ComponentContext.c_resolveIntermediate_nns(ComponentContext.java:164)
        at com.sun.jndi.toolkit.ctx.AtomicContext.c_resolveIntermediate_nns(AtomicContext.java:354)
        at com.sun.jndi.toolkit.ctx.ComponentContext.p_resolveIntermediate(ComponentContext.java:393)
        at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_getAttributes(ComponentDirContext.java:217)
        at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.getAttributes(PartialCompositeDirContext.java:133)
        at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.getAttributes(PartialCompositeDirContext.java:121)
        at javax.naming.directory.InitialDirContext.getAttributes(InitialDirContext.java:151)
        at org.jboss.seam.security.management.LdapIdentityStore.getGrantedRoles(LdapIdentityStore.java:890)
        ... 84 more

This error does not occur when the user's record does not contain roles with a 
forward slash. I was able to eliminate this exception by changing line 890 in 
LdapIdentityStore from this:

Attributes result2 = ctx.getAttributes(roleDN, returnAttribute);

To this:

Attributes result2 = ctx.getAttributes(new javax.naming.ldap.LdapName(roleDN), returnAttribute);
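
Why the change above makes a difference, as an added example that is not part of the original report or of Seam's code: JNDI parses a String name as a composite name, in which '/' separates components, while LdapName treats '/' as an ordinary character inside an RDN value. The class name RoleDnNameDemo is hypothetical; the DN is the one shown in the "Remaining name" of the trace.

```java
import javax.naming.CompositeName;
import javax.naming.InvalidNameException;
import javax.naming.Name;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;

// Hypothetical demo class; runs offline, no directory connection needed.
public class RoleDnNameDemo {
    // Role DN copied from the "Remaining name" in the stack trace.
    static final String ROLE_DN = "cn=umg/somerole,dc=acme,dc=com";

    static void dump(String label, Name name) {
        System.out.println(label + ": " + name.size() + " component(s)");
        for (int i = 0; i < name.size(); i++) {
            System.out.println("  [" + i + "] " + name.get(i));
        }
    }

    public static void main(String[] args) throws InvalidNameException {
        // What the String overload of getAttributes() works from: a composite
        // name. '/' is the component separator, so the DN is cut at the slash
        // and only the part before it is treated as the first component.
        dump("CompositeName(String)", new CompositeName(ROLE_DN));

        // What the fixed call passes: an LdapName parsed as an LDAP
        // distinguished name. ',' separates RDNs and '/' stays inside the
        // cn value, so the role entry is addressed as intended.
        LdapName ldapName = new LdapName(ROLE_DN);
        dump("LdapName(String)", ldapName);
        for (Rdn rdn : ldapName.getRdns()) {
            System.out.println("  type=" + rdn.getType() + " value=" + rdn.getValue());
        }

        // Alternative when a composite Name is required: add the whole DN as
        // one component instead of letting the parser split it.
        dump("CompositeName().add(dn)", new CompositeName().add(ROLE_DN));
    }
}
```

The same applies to any DN read back from the directory (group, role or user entries): build an LdapName from it before handing it to a JNDI context method rather than passing the raw String.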
