Uploaded image for project: 'Shiro'
  1. Shiro
  2. SHIRO-525

When no user name is provided, JndiRealm causes an IllegalStateException to be thrown

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Open
    • Minor
    • Resolution: Unresolved
    • 1.2.2
    • None
    • Realms
    • None

    Description

      We are using NTLM authentication with Waffle using a filter. If waffle can't succeed at the integrated authentication, a form is provided. When the integrated auth fails, it is typically because the user is not part of the domain. As a result, there is no username discovered/provided. When this occurs, Shiro is throwing an IllegalStateException as shown in the stacktrace below. By throwing an IllegalStateException, the normal flow of error handling is bypassed and the unchecked exception propagates out of the servlet, improperly generating a server error instead of a standard AuthenticationException. If a principal is not provided, a warning/error can be logged, but the framework should generate the standard AuthenticationException forcing the client to be challenged to reauthenticate.

      16 Jan 2015 14:48:15,872 [] - Realm [org.apache.shiro.realm.ldap.JndiLdapRealm@3630843] threw an exception during a multi-realm authentication attempt:
      java.lang.IllegalArgumentException: principal argument cannot be null.
      at org.apache.shiro.subject.SimplePrincipalCollection.add(SimplePrincipalCollection.java:104)
      at org.apache.shiro.subject.SimplePrincipalCollection.(SimplePrincipalCollection.java:59)
      at org.apache.shiro.authc.SimpleAuthenticationInfo.(SimpleAuthenticationInfo.java:74)
      at org.apache.shiro.realm.ldap.JndiLdapRealm.createAuthenticationInfo(JndiLdapRealm.java:412)
      at org.apache.shiro.realm.ldap.JndiLdapRealm.queryForAuthenticationInfo(JndiLdapRealm.java:377)
      at org.apache.shiro.realm.ldap.JndiLdapRealm.doGetAuthenticationInfo(JndiLdapRealm.java:295)
      at org.apache.shiro.realm.AuthenticatingRealm.getAuthenticationInfo(AuthenticatingRealm.java:568)
      at org.apache.shiro.authc.pam.ModularRealmAuthenticator.doMultiRealmAuthentication(ModularRealmAuthenticator.java:219)
      at org.apache.shiro.authc.pam.ModularRealmAuthenticator.doAuthenticate(ModularRealmAuthenticator.java:269)
      at org.apache.shiro.authc.AbstractAuthenticator.authenticate(AbstractAuthenticator.java:198)
      at org.apache.shiro.mgt.AuthenticatingSecurityManager.authenticate(AuthenticatingSecurityManager.java:106)
      at org.apache.shiro.mgt.DefaultSecurityManager.login(DefaultSecurityManager.java:270)
      at org.apache.shiro.subject.support.DelegatingSubject.login(DelegatingSubject.java:256)
      at org.apache.shiro.web.filter.authc.AuthenticatingFilter.executeLogin(AuthenticatingFilter.java:53)
      at waffle.shiro.negotiate.NegotiateAuthenticationFilter.onAccessDenied(NegotiateAuthenticationFilter.java:168)
      

      Attachments

        Activity

          People

            Unassigned Unassigned
            lewisdavidcole David Cole
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

            Dates

              Created:
              Updated: