[MGNLLDAP-134] Login with wrong password causes NullPointerException Created: 10/Sep/19  Updated: 07/Sep/23  Resolved: 07/Sep/23

Status: Closed
Project: LDAP Connector
Component/s: None
Affects Version/s: 1.10.3
Fix Version/s: 1.10.4, 2.0.0

Type: Bug Priority: Neutral
Reporter: Daniel Schneeberger Assignee: Evzen Fochr
Resolution: Fixed Votes: 1
Labels: None
Σ Remaining Estimate: Not Specified Remaining Estimate: Not Specified
Σ Time Spent: Not Specified Time Spent: Not Specified
Σ Original Estimate: Not Specified Original Estimate: Not Specified

Attachments: Java Source File LDAPAuthenticationModule.java     PNG File Screenshot 2019-09-11 at 13.10.19.png    
Issue Links:
Relates
Sub-Tasks:
Key
Summary
Type
Status
Assignee
MGNLLDAP-135 Release release/1.10 Technical task Closed Evzen Fochr  
Template:
Acceptance criteria:
Empty
Task DoD:
[X]* Doc/release notes changes? Comment present?
[X]* Downstream builds green?
[X]* Solution information and context easily available?
[X]* Tests
[X]* FixVersion filled and not yet released
[ ]  Architecture Decision Record (ADR)
Bug DoR:
[ ]* Steps to reproduce, expected, and actual results filled
[ ]* Affected version filled
Date of First Response:
Sprint: AdminX 38, AdminX 39
Team: AdminX
Work Started:

 Description   

When logging in with a magnolia user and wrong password info.magnolia.jaas.sp.ldap.LDAPAuthenticationModule#matchPassword:68 results in a NullPointerException. Problem does not occur with LDAP users.

The functionality works well; however the exception is not manager properly.

Steps to reproduce
  1. Loggin using a magnolia user and purposely enter a wrong password
  2. Note the following stack in the terminal
    ERROR info.magnolia.cms.security.SecuritySupportBase    : Can't login due to:
    javax.security.auth.login.LoginException: java.lang.NullPointerException
    	at info.magnolia.jaas.sp.ldap.LDAPAuthenticationModule.matchPassword(LDAPAuthenticationModule.java:68)
    	at info.magnolia.jaas.sp.ldap.ADAuthenticationModule.validateUser(ADAuthenticationModule.java:56)
    	at info.magnolia.jaas.sp.AbstractLoginModule.login(AbstractLoginModule.java:199)
    	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
    	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    	at java.lang.reflect.Method.invoke(Method.java:498)
    	at javax.security.auth.login.LoginContext.invoke(LoginContext.java:755)
    	at javax.security.auth.login.LoginContext.access$000(LoginContext.java:195)
    	at javax.security.auth.login.LoginContext$4.run(LoginContext.java:682)
    	at javax.security.auth.login.LoginContext$4.run(LoginContext.java:680)
    	...
    


 Comments   
Comment by Simon Lutz [ 12/Sep/19 ]

Hi quatico,

thanks a lot for creating the ticket. We have been able to reproduce it an will take care of it.

Cheers,
Simon

Generated at Mon Feb 12 02:21:53 CET 2024 using Jira 9.4.2#940002-sha1:46d1a51de284217efdcb32434eab47a99af2938b.