When JNDIRealm does a "getUserBySearch", and no results are found, a null object is returned. This causes an NPE in the next few lines where it tries to create a user.

    if (userPatternFormatArray != null && curUserPattern >= 0) {
        user = getUserByPattern(context, username, credentials, attrIds, curUserPattern);
    } else {
        user = getUserBySearch(context, username, attrIds);
    }

    if (userPassword == null && credentials != null) {
        // The password is available. Insert it since it may be required for
        // role searches.
        return new User(user.getUserName(), user.getDN(), credentials,
                user.getRoles(), user.getUserRoleId());
    }

Should probably be changed to:

    if (userPatternFormatArray != null && curUserPattern >= 0) {
        user = getUserByPattern(context, username, credentials, attrIds, curUserPattern);
        containerLog.debug("Found user by pattern (" + user + ")");
    } else {
        user = getUserBySearch(context, username, attrIds);
        containerLog.debug("Found user by search (" + user + ")");
    }

    if (userPassword == null && credentials != null && user != null) {
        // The password is available. Insert it since it may be required for
        // role searches.
        return new User(user.getUserName(), user.getDN(), credentials,
                user.getRoles(), user.getUserRoleId());
    }

Regression from r1628538/r1628524. Tomcat 6 does not have that code and is not affected. (It does not have the roleSearchAsUser options, an issue with which was fixed by r1628538.)

Hi, Thanks for the report and patch. This is fixed in 7.0.x and 8.0.x and will be available in 7.0.58 and 8.0.16 onwards. Regards, Violetag