Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-3344

fix for NPE in hudson.plugins.active_directory.ActiveDirectoryAuthenticationProvider.retrieveUser(String, UsernamePasswordAuthenticationToken)

XMLWordPrintable

    • Icon: Patch Patch
    • Resolution: Fixed
    • Icon: Major Major
    • active-directory-plugin
    • None
    • Platform: All, OS: All

      A NullPointerException is occurring in
      hudson.plugins.active_directory.ActiveDirectoryAuthenticationProvider.retrieveUser(String,
      UsernamePasswordAuthenticationToken) when entering a group name in the
      Project-based Matrix Authorization:
      java.lang.NullPointerException
      hudson.plugins.active_directory.ActiveDirectoryAuthenticationProvider.retrieveUser(ActiveDirectoryAuthenticationProvider.java:100)
      hudson.plugins.active_directory.ActiveDirectoryAuthenticationProvider.loadUserByUsername(ActiveDirectoryAuthenticationProvider.java:61)
      hudson.security.SecurityRealm.loadUserByUsername(SecurityRealm.java:197)
      hudson.security.GlobalMatrixAuthorizationStrategy$DescriptorImpl$1.check(GlobalMatrixAuthorizationStrategy.java:261)
      hudson.util.FormFieldValidator.process(FormFieldValidator.java:135)
      hudson.security.GlobalMatrixAuthorizationStrategy$DescriptorImpl.doCheckName(GlobalMatrixAuthorizationStrategy.java:249)
      hudson.security.GlobalMatrixAuthorizationStrategy$DescriptorImpl.doCheckName(GlobalMatrixAuthorizationStrategy.java:244)
      sun.reflect.GeneratedMethodAccessor224.invoke(Unknown Source)
      sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
      java.lang.reflect.Method.invoke(Method.java:597)
      org.kohsuke.stapler.Function$InstanceFunction.invoke(Function.java:156)
      org.kohsuke.stapler.Function.bindAndInvoke(Function.java:76)
      org.kohsuke.stapler.MetaClass$1.doDispatch(MetaClass.java:73)
      org.kohsuke.stapler.NameBasedDispatcher.dispatch(NameBasedDispatcher.java:30)
      org.kohsuke.stapler.Stapler.invoke(Stapler.java:438)
      org.kohsuke.stapler.MetaClass$12.dispatch(MetaClass.java:313)
      org.kohsuke.stapler.Stapler.invoke(Stapler.java:438)
      org.kohsuke.stapler.MetaClass$4.doDispatch(MetaClass.java:145)
      org.kohsuke.stapler.NameBasedDispatcher.dispatch(NameBasedDispatcher.java:30)
      org.kohsuke.stapler.Stapler.invoke(Stapler.java:438)
      org.kohsuke.stapler.Stapler.invoke(Stapler.java:356)
      org.kohsuke.stapler.Stapler.service(Stapler.java:116)

      The problem is that queryInterface(IADsUser.class) returns null when
      dso.openDSObject is called with a group name. I made a patch to test this
      condition and throw a UsernameNotFoundException to let execution continue in
      hudson.security.GlobalMatrixAuthorizationStrategy.DescriptorImpl.doCheckName(String,
      AccessControlled, Permission).
      Here's the patch:

      Index: ActiveDirectoryAuthenticationProvider.java
      ===================================================================
      — ActiveDirectoryAuthenticationProvider.java (revision 16504)
      +++ ActiveDirectoryAuthenticationProvider.java (working copy)
      @@ -95,7 +95,10 @@
      } catch (ComException e)

      { throw new BadCredentialsException("Incorrect password for "+username); }

      -
      + // If username is in fact a group
      + if (usr == null)

      { + throw new UsernameNotFoundException("User not found: "+username); + }

      List<GrantedAuthority> groups = new ArrayList<GrantedAuthority>();
      for( Com4jObject g : usr.groups() ) {
      IADsGroup grp = g.queryInterface(IADsGroup.class);

        1. ActiveDirectoryAuthenticationProvider.java-patch
          0.7 kB

            Unassigned Unassigned
            cedric_lamalle cedric_lamalle
            Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

              Created:
              Updated:
              Resolved: