Bug 57208 - NullPointerException on JNDIRealm when search finds no results - org.apache.catalina.realm.JNDIRealm
NullPointerException on JNDIRealm when search finds no results - org.apache.c...
Status: RESOLVED FIXED
Product: Tomcat 7
Classification: Unclassified
Component: Catalina
7.0.57
PC All
: P2 normal (vote)
: ---
Assigned To: Tomcat Developers Mailing List
:
Depends on:
Blocks:
  Show dependency tree
 
Reported: 2014-11-13 17:16 UTC by Jason McIntosh
Modified: 2014-11-14 17:17 UTC (History)
0 users



Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Jason McIntosh 2014-11-13 17:16:12 UTC
When JNDIRealm does a "getUserBySearch", and no results are found, a null object is returned.  This causes a NPE in the next few lines where it tries to create a user.

       if (userPatternFormatArray != null && curUserPattern >= 0) {
            user = getUserByPattern(context, username, credentials, attrIds, curUserPattern);
        } else {
            user = getUserBySearch(context, username, attrIds);
        }

        if (userPassword == null && credentials != null) {
            // The password is available. Insert it since it may be required for
            // role searches.
            return new User(user.getUserName(), user.getDN(), credentials,
                    user.getRoles(), user.getUserRoleId());
        }


Should probably be changed to:

       if (userPatternFormatArray != null && curUserPattern >= 0) {
            user = getUserByPattern(context, username, credentials, attrIds, curUserPattern);
            containerLog.debug("Found user by pattern (" + user + ")");
        } else {
            user = getUserBySearch(context, username, attrIds);
            containerLog.debug("Found user by search (" + user + ")");
        }

        if (userPassword == null && credentials != null && user != null) {
            // The password is available. Insert it since it may be required for
            // role searches.
            return new User(user.getUserName(), user.getDN(), credentials,
                    user.getRoles(), user.getUserRoleId());
        }
Comment 1 Konstantin Kolinko 2014-11-13 18:44:43 UTC
Regression from r1628538/r1628524.

Tomcat 6 does not have that code and is not affected. (It does not have roleSearchAsUser options, an issue with which was fixed by that r1628538).
Comment 2 Violeta Georgieva 2014-11-14 17:17:57 UTC
Hi,

Thanks for the report and patch.
This is fixed in 7.0.x and 8.0.x and will be available in 7.0.58 and 8.0.16 onwards.

Regards,
Violetag