Ensure NamingException.resolvedObj is Serializable

Fixes: gh-5378
7 years ago · 5dd55d4936
1 changed files with 11 additions and 0 deletions
--- a/ldap/src/main/java/org/springframework/security/ldap/authentication/ad/ActiveDirectoryLdapAuthenticationProvider.java
+++ b/ldap/src/main/java/org/springframework/security/ldap/authentication/ad/ActiveDirectoryLdapAuthenticationProvider.java
@ -42,6 +42,7 @@ import javax.naming.OperationNotSupportedException;
				@@ -42,6 +42,7 @@ import javax.naming.OperationNotSupportedException;
 import javax.naming.directory.DirContext;
 import javax.naming.directory.SearchControls;
 import javax.naming.ldap.InitialLdapContext;
+import java.io.Serializable;
 import java.util.*;
 import java.util.regex.Matcher;
 import java.util.regex.Pattern;
@ -221,6 +222,8 @@ public final class ActiveDirectoryLdapAuthenticationProvider extends
				@@ -221,6 +222,8 @@ public final class ActiveDirectoryLdapAuthenticationProvider extends
 			logger.debug("Authentication for " + bindPrincipal + " failed:" + exception);
 		}

+		handleResolveObj(exception);
+
 		int subErrorCode = parseSubErrorCode(exception.getMessage());

 		if (subErrorCode <= 0) {
@ -236,6 +239,14 @@ public final class ActiveDirectoryLdapAuthenticationProvider extends
				@@ -236,6 +239,14 @@ public final class ActiveDirectoryLdapAuthenticationProvider extends
 		}
 	}

+	private void handleResolveObj(NamingException exception) {
+		Object resolvedObj = exception.getResolvedObj();
+		boolean serializable = resolvedObj instanceof Serializable;
+		if (resolvedObj != null && !serializable) {
+			exception.setResolvedObj(null);
+		}
+	}
+
 	private int parseSubErrorCode(String message) {
 		Matcher m = SUB_ERROR_CODE.matcher(message);