Bug
Resolution: Fixed
Critical
For example, info.magnolia.cms.security.RescueSecuritySupport.RescueUser adds the workflow-base role to superuser by default, but if this role doesn't exist in Magnolia (workflow is not installed), login fails with an NPE.
The same can happen if a user obtains a role from, for example, LDAP/AD, and this role does not exist in the user-role repo.
javax.security.auth.login.LoginException: java.lang.NullPointerException
    at info.magnolia.jaas.sp.jcr.JCRAuthorizationModule.setACLForRoles(JCRAuthorizationModule.java:191)
    at info.magnolia.jaas.sp.jcr.JCRAuthorizationModule.setACL(JCRAuthorizationModule.java:103)
    at info.magnolia.jaas.sp.AbstractLoginModule.commit(AbstractLoginModule.java:230)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
    at java.lang.reflect.Method.invoke(Method.java:597)
    at javax.security.auth.login.LoginContext.invoke(LoginContext.java:769)
    at javax.security.auth.login.LoginContext.access$000(LoginContext.java:186)
    at javax.security.auth.login.LoginContext$4.run(LoginContext.java:683)
    at java.security.AccessController.doPrivileged(Native Method)
    at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)
    at javax.security.auth.login.LoginContext.login(LoginContext.java:580)
    at info.magnolia.cms.security.RescueSecuritySupport.authenticate(RescueSecuritySupport.java:99)
    at info.magnolia.cms.security.auth.login.LoginHandlerBase.authenticate(LoginHandlerBase.java:47)
    at info.magnolia.cms.security.auth.login.FormLogin.handle(FormLogin.java:76)
    at info.magnolia.cms.security.auth.login.LoginFilter.doFilter(LoginFilter.java:66)
    at info.magnolia.cms.filters.AbstractMgnlFilter.doFilter(AbstractMgnlFilter.java:91)
    at info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:83)
    at info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:85)
    at info.magnolia.cms.filters.CosMultipartRequestFilter.doFilter(CosMultipartRequestFilter.java:91)
    at info.magnolia.cms.filters.OncePerRequestAbstractMgnlFilter.doFilter(OncePerRequestAbstractMgnlFilter.java:61)
    at info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:83)
    at info.magnolia.module.devicedetection.filter.DeviceDetectionFilter.doFilter(DeviceDetectionFilter.java:73)
    at info.magnolia.cms.filters.OncePerRequestAbstractMgnlFilter.doFilter(OncePerRequestAbstractMgnlFilter.java:61)
    at info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:83)
    at info.magnolia.cms.filters.ContentTypeFilter.doFilter(ContentTypeFilter.java:102)
    at info.magnolia.cms.filters.AbstractMgnlFilter.doFilter(AbstractMgnlFilter.java:91)
    at info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:83)
    at info.magnolia.cms.filters.ContextFilter.doFilter(ContextFilter.java:131)
    at info.magnolia.cms.filters.AbstractMgnlFilter.doFilter(AbstractMgnlFilter.java:91)
    at info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:83)
    at info.magnolia.cms.filters.CompositeFilter.doFilter(CompositeFilter.java:67)
    at info.magnolia.cms.filters.AbstractMgnlFilter.doFilter(AbstractMgnlFilter.java:91)
    at info.magnolia.cms.filters.SafeDestroyMgnlFilterWrapper.doFilter(SafeDestroyMgnlFilterWrapper.java:108)
    at info.magnolia.cms.filters.MgnlFilterDispatcher.doDispatch(MgnlFilterDispatcher.java:67)
    at info.magnolia.cms.filters.MgnlMainFilter.doFilter(MgnlMainFilter.java:108)
    at info.magnolia.cms.filters.MgnlMainFilter.doFilter(MgnlMainFilter.java:94)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:298)
    at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:859)
    at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:588)
    at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:489)
    at java.lang.Thread.run(Thread.java:662)
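The failure described above next to a null-safe alternative, as an added example that is not Magnolia's code or its actual fix. ROLE_REPO, the permission strings and both method names are hypothetical stand-ins for the lookup in the user-role repository.

```java
import java.util.*;
import java.util.logging.Logger;

// Requires Java 9+ (Map.of / List.of). All names here are hypothetical.
public class RoleAclDemo {
    private static final Logger LOG = Logger.getLogger("RoleAclDemo");

    // Constructed stand-in for the user-role repository: role name -> permissions.
    static final Map<String, List<String>> ROLE_REPO = Map.of(
        "superuser", List.of("website:/*:rw", "config:/*:rw"));

    // Mirrors the reported failure: a role name with no repository entry
    // yields null, and dereferencing it aborts the whole login.
    static Set<String> aclsUnchecked(Collection<String> roleNames) {
        Set<String> acls = new TreeSet<>();
        for (String name : roleNames) {
            acls.addAll(ROLE_REPO.get(name)); // NPE when the role is missing
        }
        return acls;
    }

    // Hardened form: an unknown role grants nothing and is logged, while the
    // roles that do exist still apply, so the login itself can complete.
    static Set<String> aclsChecked(Collection<String> roleNames) {
        Set<String> acls = new TreeSet<>();
        for (String name : roleNames) {
            List<String> perms = ROLE_REPO.get(name);
            if (perms == null) {
                LOG.warning("Role not found in repository, ignoring: " + name);
                continue;
            }
            acls.addAll(perms);
        }
        return acls;
    }

    public static void main(String[] args) {
        // Constructed input: the rescue user's roles on an instance without workflow.
        List<String> roles = List.of("superuser", "workflow-base");
        try {
            aclsUnchecked(roles);
        } catch (NullPointerException e) {
            System.out.println("unchecked: login would fail with " + e);
        }
        System.out.println("checked: " + aclsChecked(roles));
    }
}
```

The same guard applies to role names supplied by LDAP/AD: a name that does not resolve locally contributes no permissions, and the warning gives operators a record of the mismatch.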
is related to: MAGNOLIA-4115 Authorization fails if user has a group which does not exist in repo (Closed)