JBoss Enterprise Application Platform
JBEAP-10047

Elytron properties-realm doesn't handle unicode sequences

      Store the attached property files in standalone/configuration (replacing the existing ones). They contain 3 users mapped to the JBossAdmin role. The usernames are the same as the passwords:

      • user
      • admin
      • @!#?$%^&*()%+-{}用戶名اسمالمستخدمžščřžďťňäáéěëíýóůúüŽŠČŘŽĎŤŇÄÁÉĚËÍÝÓŮÚÜ

      Use the following CLI command to reconfigure the server to use plain-text credentials (the legacy security realm way):

      /core-service=management/security-realm=ApplicationRealm/authentication=properties:write-attribute(name=plain-text, value=true)
      

      Deploy the attached application and open it: http://localhost:8080/secured/

      Try to authenticate with each of the usernames: all 3 pass in this legacy configuration. The principal name is returned as the response body.

      Reconfigure the server to use Elytron:

      /subsystem=elytron/properties-realm=ApplicationRealm:write-attribute(name=users-properties.plain-text, value=true)
      /subsystem=undertow/application-security-domain=other:add(http-authentication-factory=application-http-authentication)
      reload
      

      Try again to authenticate with each of the usernames: only "user" passes, because the other 2 are stored with Unicode escape sequences and Elytron is not able to handle them.


      Users who rely on property-file based authentication with plain passwords can't authenticate with Elytron if the property file contains Unicode escape sequences (for example, a file written by the standard java.util.Properties class). The same authentication works with the legacy solution (/core-service=management/security-realm=ApplicationRealm/authentication=properties(plain-text=true, ...)).

      The LegacyPropertiesSecurityRealm implementation has to support the same properties files that the legacy security realms supported.
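To make the failure concrete, here is an added example (not Elytron's or EAP's code) that reimplements in Python the escape decoding java.util.Properties.load applies, and runs it over a constructed realm file of the kind Properties.store writes. The sample file, the shortened third username and the two loader functions are assumptions for illustration; the decoder also goes beyond the report by handling UTF-16 surrogate pairs, which Properties emits for characters outside the BMP.

```python
import re

# Constructed sample of what java.util.Properties.store() writes for a plain-text
# realm file (username=password): non-ASCII becomes \uXXXX and '=', ':', '#', '!'
# get a backslash. The third user is a shortened form of the one in the report.
SAMPLE = r"""#Application users (constructed example)
user=user
admin=admin
@\!\#?$%^&*()%+-{}\u7528\u6236\u540D=@\!\#?$%^&*()%+-{}\u7528\u6236\u540D
"""
UNICODE_USER = "@!#?$%^&*()%+-{}用戶名"   # what the client actually sends
_SIMPLE = {"t": "\t", "n": "\n", "r": "\r", "f": "\f"}

def unescape(s):
    """Decode \\uXXXX (incl. UTF-16 surrogate pairs), \\t \\n \\r \\f and \\<other char>."""
    out, i = [], 0
    while i < len(s):
        if s[i] != "\\":
            out.append(s[i]); i += 1
        elif i + 1 == len(s):
            i += 1                                # trailing lone backslash is dropped
        elif s[i + 1] == "u":
            hexd = s[i + 2:i + 6]
            if not re.fullmatch(r"[0-9A-Fa-f]{4}", hexd):
                raise ValueError("Malformed \\uxxxx encoding.")
            out.append(chr(int(hexd, 16))); i += 6
        else:
            out.append(_SIMPLE.get(s[i + 1], s[i + 1])); i += 2
    # Java strings are UTF-16, so a non-BMP character arrives as two escapes.
    return "".join(out).encode("utf-16-le", "surrogatepass").decode("utf-16-le")

def parse_line(line):
    """Split at the first unescaped '=', ':' or whitespace, like Properties.load (no continuation lines)."""
    s = line.lstrip(" \t\f")
    if not s or s[0] in "#!":
        return None
    i = 0
    while i < len(s) and s[i] not in "=: \t\f":
        i += 2 if s[i] == "\\" else 1
    rest = s[i:].lstrip(" \t\f")
    if rest[:1] in ("=", ":"):
        rest = rest[1:].lstrip(" \t\f")
    return unescape(s[:i]), unescape(rest)

def load_users(text):
    """username -> password with escapes decoded: what a realm has to do."""
    return dict(kv for kv in map(parse_line, text.splitlines()) if kv)

def load_users_raw(text):
    """Keeps escapes verbatim, so the stored name never equals what a client sends (the reported failure)."""
    return dict(l.split("=", 1) for l in text.splitlines() if "=" in l and l[0] not in "#!")
```

With `load_users` the Unicode username authenticates against its own password; with `load_users_raw` the same user is absent, which is what the Elytron realm behaves like in the report.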

              rhn-cservice-bbaranow Bartosz Baranowski
              josef.cacek@gmail.com Josef Cacek (Inactive)