Uploaded image for project: 'JBoss Enterprise Application Platform'
  1. JBoss Enterprise Application Platform
  2. JBEAP-11539

Content of wildfly.config.url is parsed incorrectly for non-absolute URI

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Done
    • Icon: Blocker Blocker
    • 7.1.0.ER2
    • 7.1.0.ER1
    • Security
    • None
    • Hide

      1) Enable Elytron authentication to management:

      <http-interface>
    <http-upgrade enabled="true" sasl-authentication-factory="management-sasl-authentication"/>
    <socket-binding http="management-http"/>
</http-interface>

      2) Add user to ManagementRealm:

      ./add-user.sh -m -u admin -p pass@123

      3) Create following wildfly-config.xml file with Elytron client configuration in location like /home/user/temp/wildfly-config.xml:

      <configuration>
    <authentication-client xmlns="urn:elytron:1.0">
        <authentication-rules>
            <rule use-configuration="auth-config"/>
        </authentication-rules>
        <authentication-configurations>
            <configuration name="auth-config">
                <sasl-mechanism-selector selector="DIGEST-MD5"/>
                <set-user-name name="admin"/>
                <credentials>
                    <clear-password password="pass@123"/>
                </credentials>
                <set-mechanism-realm name="ManagementRealm"/>
                <providers>
                    <use-service-loader/>
                </providers>
            </configuration>
        </authentication-configurations>
    </authentication-client>
</configuration>

      4) Deploy testing application which internally calls ElytronXmlParser.parseAuthenticationClientConfiguration(); and access URL like http://127.0.0.1:8080/parse-authn-client-config-dep/authenticationContext?localDescriptor=%2Fhome%2Fuser%2Ftemp%2Fwildfly-config.xml (note that value of localDescriptor must refer to your wildfly-config.xml) - ConfigXMLParseException is thrown, you will see that path from wildfly.config.url system property is parsed into value like /home/user/temp/jboss-eap-7.1/bin/home/user/temp/wildfly-config.xml

      Show
      1) Enable Elytron authentication to management: <http- interface > <http-upgrade enabled= " true " sasl-authentication-factory= "management-sasl-authentication" /> <socket-binding http= "management-http" /> </http- interface > 2) Add user to ManagementRealm: ./add-user.sh -m -u admin -p pass@123 3) Create following wildfly-config.xml file with Elytron client configuration in location like /home/user/temp/wildfly-config.xml : <configuration> <authentication-client xmlns= "urn:elytron:1.0" > <authentication-rules> <rule use-configuration= "auth-config" /> </authentication-rules> <authentication-configurations> <configuration name= "auth-config" > <sasl-mechanism-selector selector= "DIGEST-MD5" /> <set-user-name name= "admin" /> <credentials> <clear-password password= "pass@123" /> </credentials> <set-mechanism-realm name= "ManagementRealm" /> <providers> <use-service-loader/> </providers> </configuration> </authentication-configurations> </authentication-client> </configuration> 4) Deploy testing application which internally calls ElytronXmlParser.parseAuthenticationClientConfiguration(); and access URL like http://127.0.0.1:8080/parse-authn-client-config-dep/authenticationContext?localDescriptor=%2Fhome%2Fuser%2Ftemp%2Fwildfly-config.xml (note that value of localDescriptor must refer to your wildfly-config.xml) - ConfigXMLParseException is thrown, you will see that path from wildfly.config.url system property is parsed into value like /home/user/temp/jboss-eap-7.1/bin/home/user/temp/wildfly-config.xml

      When Elytron client tries to obtain ClientConfiguration through ClientConfiguration.getInstance() method and wildfly.config.url system property includes non-absolute URI then URI for obtaining Elytron Client configuration file is created incorrectly. It is created as value_of_user.dir_system_property+content_of_wildfly.config.url_system_property. It means that Elytron Client configuration file cannot be found and hence its content is not used by Elytron Client.

      This issue is regression between EAP 7.1.0.ER1 and EAP 7.1.0.DR19 (and EAP 7.1.0.Alpha). We request blocker since it breaks feature in RFE EAP7-567 Client Side Security (Elytron Client).

      It seems this issue is probably caused by fix of issue [1] in PR [2].

      Thrown exception:

      org.wildfly.client.config.ConfigXMLParseException: CONF0012: Failed to read from input source
	at file:///home/user/temp/jboss-eap-7.1/bin/home/user/temp/wildfly-config.xml
	at org.wildfly.client.config.ClientConfiguration.readConfiguration(ClientConfiguration.java:135)
	at org.wildfly.security.auth.client.ElytronXmlParser.parseAuthenticationClientConfiguration(ElytronXmlParser.java:144)
	at com.redhat.eap.qe.elytron.authnctx.WildflyConfigXmlServlet.parseAndCreateAuthenticationClientConfiguration(WildflyConfigXmlServlet.java:120)
	... 41 more
Caused by: java.io.FileNotFoundException: /home/user/temp/jboss-eap-7.1/bin/home/user/temp/wildfly-config.xml (No such file or directory)
	at java.io.FileInputStream.open0(Native Method)
	at java.io.FileInputStream.open(FileInputStream.java:195)
	at java.io.FileInputStream.<init>(FileInputStream.java:138)
	at java.io.FileInputStream.<init>(FileInputStream.java:93)
	at sun.net.www.protocol.file.FileURLConnection.connect(FileURLConnection.java:90)
	at sun.net.www.protocol.file.FileURLConnection.getInputStream(FileURLConnection.java:188)
	at org.wildfly.client.config.ClientConfiguration.streamOpener(ClientConfiguration.java:71)
	at org.wildfly.client.config.ClientConfiguration.readConfiguration(ClientConfiguration.java:131)
	... 43 more

      [1] https://issues.jboss.org/browse/JBEAP-10954
      [2] https://github.com/wildfly/wildfly-client-config/pull/7/files

        1. cli-test.cli
          2 kB
        2. cli-test.xml
          1 kB
        3. parse-authn-client-config-dep.war
          9 kB

            jkalina@redhat.com Jan Kalina (Inactive)
            olukas Ondrej Lukas (Inactive)
            Votes:
            0 Vote for this issue
            Watchers:
            5 Start watching this issue

              Created:
              Updated:
              Resolved: