- Type: Bug
- Status: Closed
- Resolution: Duplicate
- Affects Version/s: 6.0.5 GA, 6.0.6 GA
- Fix Version/s: None
- Component/s: Accessibility, Application Security, Security Vulnerability
- Labels: None

A NullPointerException is thrown when both "Use LDAP Password Policy" and "Import from LDAP" are checked.

The "Use LDAP Password Policy" option is found under Control Panel > Settings > Authentication > LDAP.
The "Import from LDAP" option is found under Control Panel > Settings > Authentication > CAS.

The following exception is thrown when you authenticate a user via CAS who is in LDAP but is not yet a user in Liferay:

java.lang.NullPointerException
at com.liferay.portal.security.pwd.PasswordPolicyToolkit.generateDynamic(PasswordPolicyToolkit.java:161)
at com.liferay.portal.security.pwd.PasswordPolicyToolkit.generate(PasswordPolicyToolkit.java:75)
at com.liferay.portal.security.pwd.PwdToolkitUtil._generate(PwdToolkitUtil.java:56)
at com.liferay.portal.security.pwd.PwdToolkitUtil.generate(PwdToolkitUtil.java:32)
at com.liferay.portal.service.impl.UserLocalServiceImpl.addUser(UserLocalServiceImpl.java:354)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:309)
at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:183)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:150)
at org.springframework.transaction.interceptor.TransactionInterceptor.invoke(TransactionInterceptor.java:110)
at com.liferay.portal.dao.jdbc.aop.DynamicDataSourceTransactionInterceptor.invoke(DynamicDataSourceTransactionInterceptor.java:44)
at com.liferay.portal.spring.aop.ChainableMethodAdvice.invoke(ChainableMethodAdvice.java:58)
at com.liferay.portal.spring.aop.ChainableMethodAdvice.invoke(ChainableMethodAdvice.java:58)
at com.liferay.portal.spring.aop.ChainableMethodAdvice.invoke(ChainableMethodAdvice.java:58)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)
at org.springframework.aop.interceptor.ExposeInvocationInterceptor.invoke(ExposeInvocationInterceptor.java:89)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)
at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:202)
at $Proxy81.addUser(Unknown Source)
at com.liferay.portal.service.UserLocalServiceUtil.addUser(UserLocalServiceUtil.java:286)
at com.liferay.portal.security.ldap.PortalLDAPImporterImpl.addUser(PortalLDAPImporterImpl.java:302)

In PasswordPolicyLocalServiceImpl.getPasswordPolicy you find this piece of code, which is the root of the NullPointerException:

if (LDAPSettingsUtil.isPasswordPolicyEnabled(companyId)) {
    return null;
}
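
A minimal model of the failure described above, added here as an example and not taken from Liferay's source: a policy lookup that returns null when the LDAP password policy is enabled, an unchecked caller that throws, and a guarded caller that still produces a random placeholder password for the imported user. Every class and method name except getPasswordPolicy is hypothetical, and the 16-character fallback length is an assumption.

```java
import java.security.SecureRandom;

// Simplified stand-ins for the portal classes in the stack trace (hypothetical, not Liferay code).
public class LdapPolicyNullDemo {

    static final class PasswordPolicy {
        final int minLength;
        PasswordPolicy(int minLength) { this.minLength = minLength; }
    }

    // Mirrors the reported behaviour: no portal policy when LDAP owns the password policy.
    static PasswordPolicy getPasswordPolicy(boolean ldapPolicyEnabled) {
        if (ldapPolicyEnabled) {
            return null;
        }
        return new PasswordPolicy(8); // constructed sample policy
    }

    private static final SecureRandom RANDOM = new SecureRandom();
    private static final String ALPHABET =
        "ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz23456789";
    private static final int FALLBACK_LENGTH = 16; // assumed default for this example

    static String random(int length) {
        StringBuilder sb = new StringBuilder(length);
        for (int i = 0; i < length; i++) {
            sb.append(ALPHABET.charAt(RANDOM.nextInt(ALPHABET.length())));
        }
        return sb.toString();
    }

    // Failing pattern: dereferences the policy without checking for null.
    static String generateUnchecked(PasswordPolicy policy) {
        return random(policy.minLength);
    }

    // Guarded pattern: a missing policy still yields an unpredictable placeholder,
    // never an empty or fixed password for the imported account.
    static String generateGuarded(PasswordPolicy policy) {
        int length = (policy == null)
            ? FALLBACK_LENGTH : Math.max(policy.minLength, FALLBACK_LENGTH);
        return random(length);
    }

    public static void main(String[] args) {
        PasswordPolicy policy = getPasswordPolicy(true); // "Use LDAP Password Policy" checked
        System.out.println("guarded length: " + generateGuarded(policy).length());
        try {
            generateUnchecked(policy);
        } catch (NullPointerException e) {
            System.out.println("unchecked: NullPointerException");
        }
    }
}
```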