[MAGNOLIA-4973] Authorization fails if user has a role which does not exist in repo Created: 12/Apr/13  Updated: 02/May/13  Resolved: 30/Apr/13

Status: Closed
Project: Magnolia
Component/s: None
Affects Version/s: None
Fix Version/s: 4.5.9

Type: Bug Priority: Critical
Reporter: Milan Divilek Assignee: Milan Divilek
Resolution: Fixed Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
relation
is related to MAGNOLIA-4115 Authorization fails if user has a gro... Closed
Template:
Acceptance criteria:
Empty
Task DoD:
[ ]* Doc/release notes changes? Comment present?
[ ]* Downstream builds green?
[ ]* Solution information and context easily available?
[ ]* Tests
[ ]* FixVersion filled and not yet released
[ ]  Architecture Decision Record (ADR)
Bug DoR:
[ ]* Steps to reproduce, expected, and actual results filled
[ ]* Affected version filled
Date of First Response:

 Description   

For example info.magnolia.cms.security.RescueSecuritySupport.RescueUser adds workflow-base role tu superuser by default but if this role doesn't exist in magnolia(workflow is not installed) then login fails on NPE.
Same can happen if user obtain role for example from ldap/ad etc. and this role does not exist in user-role repo

javax.security.auth.login.LoginException: java.lang.NullPointerException
	at info.magnolia.jaas.sp.jcr.JCRAuthorizationModule.setACLForRoles(JCRAuthorizationModule.java:191)
	at info.magnolia.jaas.sp.jcr.JCRAuthorizationModule.setACL(JCRAuthorizationModule.java:103)
	at info.magnolia.jaas.sp.AbstractLoginModule.commit(AbstractLoginModule.java:230)
	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
	at java.lang.reflect.Method.invoke(Method.java:597)
	at javax.security.auth.login.LoginContext.invoke(LoginContext.java:769)
	at javax.security.auth.login.LoginContext.access$000(LoginContext.java:186)
	at javax.security.auth.login.LoginContext$4.run(LoginContext.java:683)
	at java.security.AccessController.doPrivileged(Native Method)
	at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)
	at javax.security.auth.login.LoginContext.login(LoginContext.java:580)
	at info.magnolia.cms.security.RescueSecuritySupport.authenticate(RescueSecuritySupport.java:99)
	at info.magnolia.cms.security.auth.login.LoginHandlerBase.authenticate(LoginHandlerBase.java:47)
	at info.magnolia.cms.security.auth.login.FormLogin.handle(FormLogin.java:76)
	at info.magnolia.cms.security.auth.login.LoginFilter.doFilter(LoginFilter.java:66)
	at info.magnolia.cms.filters.AbstractMgnlFilter.doFilter(AbstractMgnlFilter.java:91)
	at info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:83)
	at info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:85)
	at info.magnolia.cms.filters.CosMultipartRequestFilter.doFilter(CosMultipartRequestFilter.java:91)
	at info.magnolia.cms.filters.OncePerRequestAbstractMgnlFilter.doFilter(OncePerRequestAbstractMgnlFilter.java:61)
	at info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:83)
	at info.magnolia.module.devicedetection.filter.DeviceDetectionFilter.doFilter(DeviceDetectionFilter.java:73)
	at info.magnolia.cms.filters.OncePerRequestAbstractMgnlFilter.doFilter(OncePerRequestAbstractMgnlFilter.java:61)
	at info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:83)
	at info.magnolia.cms.filters.ContentTypeFilter.doFilter(ContentTypeFilter.java:102)
	at info.magnolia.cms.filters.AbstractMgnlFilter.doFilter(AbstractMgnlFilter.java:91)
	at info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:83)
	at info.magnolia.cms.filters.ContextFilter.doFilter(ContextFilter.java:131)
	at info.magnolia.cms.filters.AbstractMgnlFilter.doFilter(AbstractMgnlFilter.java:91)
	at info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:83)
	at info.magnolia.cms.filters.CompositeFilter.doFilter(CompositeFilter.java:67)
	at info.magnolia.cms.filters.AbstractMgnlFilter.doFilter(AbstractMgnlFilter.java:91)
	at info.magnolia.cms.filters.SafeDestroyMgnlFilterWrapper.doFilter(SafeDestroyMgnlFilterWrapper.java:108)
	at info.magnolia.cms.filters.MgnlFilterDispatcher.doDispatch(MgnlFilterDispatcher.java:67)
	at info.magnolia.cms.filters.MgnlMainFilter.doFilter(MgnlMainFilter.java:108)
	at info.magnolia.cms.filters.MgnlMainFilter.doFilter(MgnlMainFilter.java:94)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
	at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
	at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
	at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
	at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
	at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
	at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:298)
	at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:859)
	at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:588)
	at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:489)
	at java.lang.Thread.run(Thread.java:662)


 Comments   
Comment by Jan Haderka [ 17/Apr/13 ]

Javadoc for MgnlRoleManager.findPrincipalNode() should state that method will return null in case the role doesn't exist.

Generated at Mon Feb 12 04:00:47 CET 2024 using Jira 9.4.2#940002-sha1:46d1a51de284217efdcb32434eab47a99af2938b.