-
Patch
-
Resolution: Fixed
-
Major
-
None
-
Platform: All, OS: All
A NullPointerException is occurring in
hudson.plugins.active_directory.ActiveDirectoryAuthenticationProvider.retrieveUser(String,
UsernamePasswordAuthenticationToken) when entering a group name in the
Project-based Matrix Authorization:
java.lang.NullPointerException
hudson.plugins.active_directory.ActiveDirectoryAuthenticationProvider.retrieveUser(ActiveDirectoryAuthenticationProvider.java:100)
hudson.plugins.active_directory.ActiveDirectoryAuthenticationProvider.loadUserByUsername(ActiveDirectoryAuthenticationProvider.java:61)
hudson.security.SecurityRealm.loadUserByUsername(SecurityRealm.java:197)
hudson.security.GlobalMatrixAuthorizationStrategy$DescriptorImpl$1.check(GlobalMatrixAuthorizationStrategy.java:261)
hudson.util.FormFieldValidator.process(FormFieldValidator.java:135)
hudson.security.GlobalMatrixAuthorizationStrategy$DescriptorImpl.doCheckName(GlobalMatrixAuthorizationStrategy.java:249)
hudson.security.GlobalMatrixAuthorizationStrategy$DescriptorImpl.doCheckName(GlobalMatrixAuthorizationStrategy.java:244)
sun.reflect.GeneratedMethodAccessor224.invoke(Unknown Source)
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
java.lang.reflect.Method.invoke(Method.java:597)
org.kohsuke.stapler.Function$InstanceFunction.invoke(Function.java:156)
org.kohsuke.stapler.Function.bindAndInvoke(Function.java:76)
org.kohsuke.stapler.MetaClass$1.doDispatch(MetaClass.java:73)
org.kohsuke.stapler.NameBasedDispatcher.dispatch(NameBasedDispatcher.java:30)
org.kohsuke.stapler.Stapler.invoke(Stapler.java:438)
org.kohsuke.stapler.MetaClass$12.dispatch(MetaClass.java:313)
org.kohsuke.stapler.Stapler.invoke(Stapler.java:438)
org.kohsuke.stapler.MetaClass$4.doDispatch(MetaClass.java:145)
org.kohsuke.stapler.NameBasedDispatcher.dispatch(NameBasedDispatcher.java:30)
org.kohsuke.stapler.Stapler.invoke(Stapler.java:438)
org.kohsuke.stapler.Stapler.invoke(Stapler.java:356)
org.kohsuke.stapler.Stapler.service(Stapler.java:116)
The problem is that queryInterface(IADsUser.class) returns null when
dso.openDSObject is called with a group name. I made a patch to test this
condition and throw a UsernameNotFoundException to let execution continue in
hudson.security.GlobalMatrixAuthorizationStrategy.DescriptorImpl.doCheckName(String,
AccessControlled, Permission).
Here's the patch:
Index: ActiveDirectoryAuthenticationProvider.java
===================================================================
— ActiveDirectoryAuthenticationProvider.java (revision 16504)
+++ ActiveDirectoryAuthenticationProvider.java (working copy)
@@ -95,7 +95,10 @@
} catch (ComException e)
-
+ // If username is in fact a group
+ if (usr == null)
List<GrantedAuthority> groups = new ArrayList<GrantedAuthority>();
for( Com4jObject g : usr.groups() ) {
IADsGroup grp = g.queryInterface(IADsGroup.class);
- is duplicated by
-
JENKINS-3354 Adding AD group causes 500 error
- Closed
-
JENKINS-2955 Authorization matrix exception - AD plugin 1.9
- Closed