Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-3344

fix for NPE in hudson.plugins.active_directory.ActiveDirectoryAuthenticationProvider.retrieveUser(String, UsernamePasswordAuthenticationToken)

    XMLWordPrintable

Details

    Description

      A NullPointerException is occurring in
      hudson.plugins.active_directory.ActiveDirectoryAuthenticationProvider.retrieveUser(String,
      UsernamePasswordAuthenticationToken) when entering a group name in the
      Project-based Matrix Authorization:
      java.lang.NullPointerException
      hudson.plugins.active_directory.ActiveDirectoryAuthenticationProvider.retrieveUser(ActiveDirectoryAuthenticationProvider.java:100)
      hudson.plugins.active_directory.ActiveDirectoryAuthenticationProvider.loadUserByUsername(ActiveDirectoryAuthenticationProvider.java:61)
      hudson.security.SecurityRealm.loadUserByUsername(SecurityRealm.java:197)
      hudson.security.GlobalMatrixAuthorizationStrategy$DescriptorImpl$1.check(GlobalMatrixAuthorizationStrategy.java:261)
      hudson.util.FormFieldValidator.process(FormFieldValidator.java:135)
      hudson.security.GlobalMatrixAuthorizationStrategy$DescriptorImpl.doCheckName(GlobalMatrixAuthorizationStrategy.java:249)
      hudson.security.GlobalMatrixAuthorizationStrategy$DescriptorImpl.doCheckName(GlobalMatrixAuthorizationStrategy.java:244)
      sun.reflect.GeneratedMethodAccessor224.invoke(Unknown Source)
      sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
      java.lang.reflect.Method.invoke(Method.java:597)
      org.kohsuke.stapler.Function$InstanceFunction.invoke(Function.java:156)
      org.kohsuke.stapler.Function.bindAndInvoke(Function.java:76)
      org.kohsuke.stapler.MetaClass$1.doDispatch(MetaClass.java:73)
      org.kohsuke.stapler.NameBasedDispatcher.dispatch(NameBasedDispatcher.java:30)
      org.kohsuke.stapler.Stapler.invoke(Stapler.java:438)
      org.kohsuke.stapler.MetaClass$12.dispatch(MetaClass.java:313)
      org.kohsuke.stapler.Stapler.invoke(Stapler.java:438)
      org.kohsuke.stapler.MetaClass$4.doDispatch(MetaClass.java:145)
      org.kohsuke.stapler.NameBasedDispatcher.dispatch(NameBasedDispatcher.java:30)
      org.kohsuke.stapler.Stapler.invoke(Stapler.java:438)
      org.kohsuke.stapler.Stapler.invoke(Stapler.java:356)
      org.kohsuke.stapler.Stapler.service(Stapler.java:116)

      The problem is that queryInterface(IADsUser.class) returns null when
      dso.openDSObject is called with a group name. I made a patch to test this
      condition and throw a UsernameNotFoundException to let execution continue in
      hudson.security.GlobalMatrixAuthorizationStrategy.DescriptorImpl.doCheckName(String,
      AccessControlled, Permission).
      Here's the patch:

      Index: ActiveDirectoryAuthenticationProvider.java
      ===================================================================
      — ActiveDirectoryAuthenticationProvider.java (revision 16504)
      +++ ActiveDirectoryAuthenticationProvider.java (working copy)
      @@ -95,7 +95,10 @@
      } catch (ComException e)

      { throw new BadCredentialsException("Incorrect password for "+username); }

      -
      + // If username is in fact a group
      + if (usr == null)

      { + throw new UsernameNotFoundException("User not found: "+username); + }

      List<GrantedAuthority> groups = new ArrayList<GrantedAuthority>();
      for( Com4jObject g : usr.groups() ) {
      IADsGroup grp = g.queryInterface(IADsGroup.class);

      Attachments

        Issue Links

          Activity

            cedric_lamalle cedric_lamalle created issue -
            scm_issue_link SCM/JIRA link daemon made changes -
            Field Original Value New Value
            Resolution Fixed [ 1 ]
            Status Open [ 1 ] Resolved [ 5 ]
            kohsuke Kohsuke Kawaguchi made changes -
            Link This issue is duplicated by JENKINS-3354 [ JENKINS-3354 ]
            kohsuke Kohsuke Kawaguchi made changes -
            Link This issue is duplicated by JENKINS-2955 [ JENKINS-2955 ]
            abayer Andrew Bayer made changes -
            Status Resolved [ 5 ] Closed [ 6 ]
            rtyler R. Tyler Croy made changes -
            Workflow JNJira [ 133417 ] JNJira + In-Review [ 202148 ]

            People

              Unassigned Unassigned
              cedric_lamalle cedric_lamalle
              Votes:
              0 Vote for this issue
              Watchers:
              0 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: