JBoss Enterprise Application Platform / JBEAP-11539

Content of wildfly.config.url is parsed incorrectly for non-absolute URI


Details

    • Bug
    • Resolution: Done
    • Blocker
    • 7.1.0.ER2
    • 7.1.0.ER1
    • Security
    • None

      1) Enable Elytron authentication to management:

      <http-interface>
          <http-upgrade enabled="true" sasl-authentication-factory="management-sasl-authentication"/>
          <socket-binding http="management-http"/>
      </http-interface>
      

      2) Add a user to ManagementRealm:

      ./add-user.sh -m -u admin -p pass@123
      

      3) Create the following wildfly-config.xml file with Elytron client configuration in a location like /home/user/temp/wildfly-config.xml:

      <configuration>
          <authentication-client xmlns="urn:elytron:1.0">
              <authentication-rules>
                  <rule use-configuration="auth-config"/>
              </authentication-rules>
              <authentication-configurations>
                  <configuration name="auth-config">
                      <sasl-mechanism-selector selector="DIGEST-MD5"/>
                      <set-user-name name="admin"/>
                      <credentials>
                          <clear-password password="pass@123"/>
                      </credentials>
                      <set-mechanism-realm name="ManagementRealm"/>
                      <providers>
                          <use-service-loader/>
                      </providers>
                  </configuration>
              </authentication-configurations>
          </authentication-client>
      </configuration>
      

      4) Deploy a testing application which internally calls ElytronXmlParser.parseAuthenticationClientConfiguration(); and access a URL like http://127.0.0.1:8080/parse-authn-client-config-dep/authenticationContext?localDescriptor=%2Fhome%2Fuser%2Ftemp%2Fwildfly-config.xml (note that the value of localDescriptor must refer to your wildfly-config.xml). A ConfigXMLParseException is thrown; you will see that the path from the wildfly.config.url system property is parsed into a value like /home/user/temp/jboss-eap-7.1/bin/home/user/temp/wildfly-config.xml


    Description

      When the Elytron client tries to obtain a ClientConfiguration through the ClientConfiguration.getInstance() method and the wildfly.config.url system property includes a non-absolute URI, the URI for obtaining the Elytron Client configuration file is created incorrectly. It is created as value_of_user.dir_system_property+content_of_wildfly.config.url_system_property. This means that the Elytron Client configuration file cannot be found and hence its content is not used by the Elytron Client.

      This issue is a regression between EAP 7.1.0.ER1 and EAP 7.1.0.DR19 (and EAP 7.1.0.Alpha). We request blocker since it breaks a feature in RFE EAP7-567 Client Side Security (Elytron Client).

      It seems this issue is probably caused by the fix of issue [1] in PR [2].

      Thrown exception:

      org.wildfly.client.config.ConfigXMLParseException: CONF0012: Failed to read from input source
      	at file:///home/user/temp/jboss-eap-7.1/bin/home/user/temp/wildfly-config.xml
      	at org.wildfly.client.config.ClientConfiguration.readConfiguration(ClientConfiguration.java:135)
      	at org.wildfly.security.auth.client.ElytronXmlParser.parseAuthenticationClientConfiguration(ElytronXmlParser.java:144)
      	at com.redhat.eap.qe.elytron.authnctx.WildflyConfigXmlServlet.parseAndCreateAuthenticationClientConfiguration(WildflyConfigXmlServlet.java:120)
      	... 41 more
      Caused by: java.io.FileNotFoundException: /home/user/temp/jboss-eap-7.1/bin/home/user/temp/wildfly-config.xml (No such file or directory)
      	at java.io.FileInputStream.open0(Native Method)
      	at java.io.FileInputStream.open(FileInputStream.java:195)
      	at java.io.FileInputStream.<init>(FileInputStream.java:138)
      	at java.io.FileInputStream.<init>(FileInputStream.java:93)
      	at sun.net.www.protocol.file.FileURLConnection.connect(FileURLConnection.java:90)
      	at sun.net.www.protocol.file.FileURLConnection.getInputStream(FileURLConnection.java:188)
      	at org.wildfly.client.config.ClientConfiguration.streamOpener(ClientConfiguration.java:71)
      	at org.wildfly.client.config.ClientConfiguration.readConfiguration(ClientConfiguration.java:131)
      	... 43 more
      

      [1] https://issues.jboss.org/browse/JBEAP-10954
      [2] https://github.com/wildfly/wildfly-client-config/pull/7/files
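
      The path handling described in this report, as an added example that is not part of the original issue and is not wildfly-client-config code: it contrasts plain concatenation of user.dir with the property value against java.net.URI reference resolution, and goes slightly beyond the reported case by also covering a relative path and a value with a scheme. The class and method names are hypothetical, and the second and third sample values are constructed.

```java
import java.net.URI;

public class ConfigUrlResolution {

    // Constructed base: the user.dir from the report, written as a directory URI.
    // The trailing slash matters: without it, resolve() would replace "bin".
    static final URI USER_DIR = URI.create("file:///home/user/temp/jboss-eap-7.1/bin/");

    // Hypothetical helper reproducing the reported symptom: user.dir + property value.
    static String concatenated(URI base, String value) {
        String basePath = base.getPath();
        String dir = basePath.endsWith("/")
                ? basePath.substring(0, basePath.length() - 1)
                : basePath;
        return value.startsWith("/") ? dir + value : dir + "/" + value;
    }

    // Hypothetical helper using URI reference resolution: a value with a scheme
    // is used as is, a value starting with "/" replaces the base path, and any
    // other value is appended to the base directory.
    static String resolved(URI base, String value) {
        URI ref = URI.create(value);
        URI target = ref.isAbsolute() ? ref : base.resolve(ref);
        return target.getPath();
    }

    public static void main(String[] args) {
        String[] values = {
            "/home/user/temp/wildfly-config.xml",        // value from the report
            "conf/wildfly-config.xml",                   // constructed: relative path
            "file:///home/user/temp/wildfly-config.xml"  // constructed: absolute URI
        };
        for (String value : values) {
            String naive = concatenated(USER_DIR, value);
            String correct = resolved(USER_DIR, value);
            System.out.printf("%s%n  concatenated: %s%n  resolved:     %s%n  %s%n",
                    value, naive, correct,
                    naive.equals(correct) ? "same" : "DIFFERENT: config would not be found");
        }
    }
}
```

      Only the relative path yields the same location under both approaches. For the value from the report, concatenation produces the path seen in the FileNotFoundException above, so the client never loads the authentication configuration the administrator pointed it at.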

      Attachments

        1. cli-test.cli
          2 kB
        2. cli-test.xml
          1 kB
        3. parse-authn-client-config-dep.war
          9 kB

            People

              jkalina@redhat.com Jan Kalina (Inactive)
              olukas Ondrej Lukas (Inactive)