svn commit: r1628524 - in /tomcat/trunk: java/org/apache/catalina/realm/JNDIRealm.java webapps/docs/changelog.xml

Tue, 30 Sep 2014 12:49:13 -0700 

Author: markt
Date: Tue Sep 30 19:48:42 2014
New Revision: 1628524

URL: http://svn.apache.org/r1628524
Log:
Correct a couple of NPEs in the JNDI Realm that could be triggered with when 
not specifying a roleBase and enabling roleSearchAsUser.

Modified:
    tomcat/trunk/java/org/apache/catalina/realm/JNDIRealm.java
    tomcat/trunk/webapps/docs/changelog.xml

Modified: tomcat/trunk/java/org/apache/catalina/realm/JNDIRealm.java
URL: 
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/realm/JNDIRealm.java?rev=1628524&r1=1628523&r2=1628524&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/catalina/realm/JNDIRealm.java (original)
+++ tomcat/trunk/java/org/apache/catalina/realm/JNDIRealm.java Tue Sep 30 
19:48:42 2014
@@ -1280,6 +1280,13 @@ public class JNDIRealm extends RealmBase
             user = getUserBySearch(context, username, attrIds);
         }
 
+        if (userPassword == null && credentials != null) {
+            // The password is available. Insert it since it may be required 
for
+            // role searches.
+            return new User(user.getUserName(), user.getDN(), credentials,
+                    user.getRoles(), user.getUserRoleId());
+        }
+
         return user;
     }
 
@@ -1708,6 +1715,8 @@ public class JNDIRealm extends RealmBase
                 nameParts[i] = name.get(i);
             }
             base = roleBaseFormat.format(nameParts);
+        } else {
+            base = "";
         }
 
         // Perform the configured search and process the results

Modified: tomcat/trunk/webapps/docs/changelog.xml
URL: 
http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/changelog.xml?rev=1628524&r1=1628523&r2=1628524&view=diff
==============================================================================
--- tomcat/trunk/webapps/docs/changelog.xml (original)
+++ tomcat/trunk/webapps/docs/changelog.xml Tue Sep 30 19:48:42 2014
@@ -90,6 +90,10 @@
         it in the web application class loader to set the correct code base for
         resources loaded from JARs and WARs. (markt)
       </fix>
+      <fix>
+        Correct a couple of NPEs in the JNDI Realm that could be triggered with
+        when not specifying a roleBase and enabling roleSearchAsUser. (markt)
+      </fix>
     </changelog>
   </subsection>
   <subsection name="Web applications">



---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to