Created attachment 37863
Check for null values before escaping values

This is a regression in JNDIRealm caused by Bug 65224.

If no "userRoleAttribute" is specified on the JNDIRealm, its default value of null will be used. That will cause a NPE in JNDIRealm#doFilterEscaping and/or JNDIRealm#doAttributeValueEscaping.

Mai 15, 2021 2:10:59 PM org.apache.catalina.realm.JNDIRealm authenticate
INFORMATION: Exception performing authentication. Retrying...
java.lang.NullPointerException
    at org.apache.catalina.realm.JNDIRealm.doAttributeValueEscaping(JNDIRealm.java:2889)
    at org.apache.catalina.realm.JNDIRealm.getRoles(JNDIRealm.java:1892)
    at org.apache.catalina.realm.JNDIRealm.authenticate(JNDIRealm.java:1320)
    at org.apache.catalina.realm.JNDIRealm.authenticate(JNDIRealm.java:1232)

Simplest solution is to return null in both escape methods, when null is passed in.

The attached patch also adds the unboundid-ldapsdk to the Eclipse class path.
+1 for your patch, obviously. You can add the tests of course, but you could do without them as well; it's just adding a null check, so it cannot possibly break anything and we know it will work.
I kept the changes to the test cases, as they would catch the NPE in case we re-introduce this bug.

Fixed in:
- 10.0.x for 10.0.7 onwards
- 9.0.x for 9.0.47 onwards
- 8.5.x for 8.5.67 onwards
Thanks for catching this,
*** Bug 65330 has been marked as a duplicate of this bug. ***
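
The failure mode and the null guard discussed in this report, as an added example that is not Tomcat's code or the attached patch. It uses a generic RFC 4515 filter-value escaper; the class name, method names and sample values are hypothetical.

```java
// Added illustration; not Tomcat source. Class and method names are hypothetical.
public class NullSafeLdapEscape {

    // RFC 4515 filter-value escaping WITHOUT a null guard:
    // input.length() throws NullPointerException when input is null.
    static String escapeFilterUnguarded(String input) {
        StringBuilder out = new StringBuilder(input.length());
        appendEscaped(out, input);
        return out.toString();
    }

    // Same escaping with the guard the report proposes: null in, null out.
    static String escapeFilter(String input) {
        if (input == null) {
            return null;
        }
        StringBuilder out = new StringBuilder(input.length());
        appendEscaped(out, input);
        return out.toString();
    }

    // Replace the characters RFC 4515 reserves in filter values with \XX hex.
    private static void appendEscaped(StringBuilder out, String input) {
        for (int i = 0; i < input.length(); i++) {
            char c = input.charAt(i);
            switch (c) {
                case '\\': out.append("\\5c"); break;
                case '*':  out.append("\\2a"); break;
                case '(':  out.append("\\28"); break;
                case ')':  out.append("\\29"); break;
                case '\0': out.append("\\00"); break;
                default:   out.append(c);
            }
        }
    }

    public static void main(String[] args) {
        String userRoleAttribute = null;  // constructed: attribute left unconfigured
        String roleName = "ops*(eu)";     // constructed: value with reserved characters

        System.out.println(escapeFilter(roleName));           // reserved chars hex-escaped
        System.out.println(escapeFilter(userRoleAttribute));  // guard returns null
        try {
            escapeFilterUnguarded(userRoleAttribute);
        } catch (NullPointerException e) {
            System.out.println("unguarded call: NullPointerException");
        }
    }
}
```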