Uploaded image for project: 'Magnolia'
  1. Magnolia
  2. MAGNOLIA-4973

Authorization fails if user has a role which does not exist in repo

    XMLWordPrintable

Details

    • Bug
    • Resolution: Fixed
    • Critical
    • 4.5.9
    • None
    • None
    • None

    Description

      For example info.magnolia.cms.security.RescueSecuritySupport.RescueUser adds workflow-base role tu superuser by default but if this role doesn't exist in magnolia(workflow is not installed) then login fails on NPE.
      Same can happen if user obtain role for example from ldap/ad etc. and this role does not exist in user-role repo

      javax.security.auth.login.LoginException: java.lang.NullPointerException
      	at info.magnolia.jaas.sp.jcr.JCRAuthorizationModule.setACLForRoles(JCRAuthorizationModule.java:191)
      	at info.magnolia.jaas.sp.jcr.JCRAuthorizationModule.setACL(JCRAuthorizationModule.java:103)
      	at info.magnolia.jaas.sp.AbstractLoginModule.commit(AbstractLoginModule.java:230)
      	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
      	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
      	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
      	at java.lang.reflect.Method.invoke(Method.java:597)
      	at javax.security.auth.login.LoginContext.invoke(LoginContext.java:769)
      	at javax.security.auth.login.LoginContext.access$000(LoginContext.java:186)
      	at javax.security.auth.login.LoginContext$4.run(LoginContext.java:683)
      	at java.security.AccessController.doPrivileged(Native Method)
      	at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)
      	at javax.security.auth.login.LoginContext.login(LoginContext.java:580)
      	at info.magnolia.cms.security.RescueSecuritySupport.authenticate(RescueSecuritySupport.java:99)
      	at info.magnolia.cms.security.auth.login.LoginHandlerBase.authenticate(LoginHandlerBase.java:47)
      	at info.magnolia.cms.security.auth.login.FormLogin.handle(FormLogin.java:76)
      	at info.magnolia.cms.security.auth.login.LoginFilter.doFilter(LoginFilter.java:66)
      	at info.magnolia.cms.filters.AbstractMgnlFilter.doFilter(AbstractMgnlFilter.java:91)
      	at info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:83)
      	at info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:85)
      	at info.magnolia.cms.filters.CosMultipartRequestFilter.doFilter(CosMultipartRequestFilter.java:91)
      	at info.magnolia.cms.filters.OncePerRequestAbstractMgnlFilter.doFilter(OncePerRequestAbstractMgnlFilter.java:61)
      	at info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:83)
      	at info.magnolia.module.devicedetection.filter.DeviceDetectionFilter.doFilter(DeviceDetectionFilter.java:73)
      	at info.magnolia.cms.filters.OncePerRequestAbstractMgnlFilter.doFilter(OncePerRequestAbstractMgnlFilter.java:61)
      	at info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:83)
      	at info.magnolia.cms.filters.ContentTypeFilter.doFilter(ContentTypeFilter.java:102)
      	at info.magnolia.cms.filters.AbstractMgnlFilter.doFilter(AbstractMgnlFilter.java:91)
      	at info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:83)
      	at info.magnolia.cms.filters.ContextFilter.doFilter(ContextFilter.java:131)
      	at info.magnolia.cms.filters.AbstractMgnlFilter.doFilter(AbstractMgnlFilter.java:91)
      	at info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:83)
      	at info.magnolia.cms.filters.CompositeFilter.doFilter(CompositeFilter.java:67)
      	at info.magnolia.cms.filters.AbstractMgnlFilter.doFilter(AbstractMgnlFilter.java:91)
      	at info.magnolia.cms.filters.SafeDestroyMgnlFilterWrapper.doFilter(SafeDestroyMgnlFilterWrapper.java:108)
      	at info.magnolia.cms.filters.MgnlFilterDispatcher.doDispatch(MgnlFilterDispatcher.java:67)
      	at info.magnolia.cms.filters.MgnlMainFilter.doFilter(MgnlMainFilter.java:108)
      	at info.magnolia.cms.filters.MgnlMainFilter.doFilter(MgnlMainFilter.java:94)
      	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
      	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
      	at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
      	at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
      	at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
      	at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
      	at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
      	at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:298)
      	at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:859)
      	at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:588)
      	at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:489)
      	at java.lang.Thread.run(Thread.java:662)
      

      Checklists

        Acceptance criteria

        Attachments

          Issue Links

            Activity

              People

                mdivilek Milan Divilek
                mdivilek Milan Divilek
                Votes:
                0 Vote for this issue
                Watchers:
                2 Start watching this issue

                Dates

                  Created:
                  Updated:
                  Resolved:

                  Checklists

                    Bug DoR
                    Task DoD