When the Elytron client configuration file includes a configuration.authentication-client.authentication-configurations.configuration.credentials.crypt-password element, a ConfigXMLParseException is thrown while parsing the configuration file. It seems to be caused by the $ character in the crypt value. It does not work even if this symbol is escaped.
For the following configuration file:
<configuration>
    <authentication-client xmlns="urn:elytron:1.0">
        <authentication-rules>
            <rule use-configuration="default"/>
        </authentication-rules>
        <authentication-configurations>
            <configuration name="default">
                <sasl-mechanism-selector selector="DIGEST-MD5"/>
                <credentials>
                    <crypt-password crypt="$1$somesalt$W.KCTbPSiFDGffAGOjcBc."/>
                </credentials>
            </configuration>
        </authentication-configurations>
    </authentication-client>
</configuration>
the following exception is thrown:
org.wildfly.client.config.ConfigXMLParseException: CONF0020: Failed to parse expression value of attribute "crypt"
at org.wildfly.common.expression.Expression.invalidExpressionSyntax(Expression.java:659)
at org.wildfly.common.expression.Expression.parseString(Expression.java:509)
at org.wildfly.common.expression.Expression.compile(Expression.java:203)
at org.wildfly.common.expression.Expression.compile(Expression.java:183)
at org.wildfly.client.config.ConfigurationXMLStreamReader.getExpressionAttributeValue(ConfigurationXMLStreamReader.java:683)
at org.wildfly.client.config.ConfigurationXMLStreamReader.getAttributeValueResolved(ConfigurationXMLStreamReader.java:330)
at org.wildfly.security.auth.client.ElytronXmlParser.lambda$requireSingleAttribute$44(ElytronXmlParser.java:2361)
at org.wildfly.security.auth.client.ElytronXmlParser.requireSingleAttribute(ElytronXmlParser.java:2380)
at org.wildfly.security.auth.client.ElytronXmlParser.requireSingleAttribute(ElytronXmlParser.java:2361)
at org.wildfly.security.auth.client.ElytronXmlParser.parseCryptPassword(ElytronXmlParser.java:1059)
at org.wildfly.security.auth.client.ElytronXmlParser.parseCredentialsType(ElytronXmlParser.java:951)
at org.wildfly.security.auth.client.ElytronXmlParser.parseAuthenticationConfigurationType(ElytronXmlParser.java:714)
at org.wildfly.security.auth.client.ElytronXmlParser.parseAuthenticationConfigurationsType(ElytronXmlParser.java:341)
at org.wildfly.security.auth.client.ElytronXmlParser.parseAuthenticationClientType(ElytronXmlParser.java:273)
at org.wildfly.security.auth.client.ElytronXmlParser.parseAuthenticationClientConfiguration(ElytronXmlParser.java:185)
at org.wildfly.security.auth.client.ElytronXmlParser.parseAuthenticationClientConfiguration(ElytronXmlParser.java:164)
...
It does not work even if the dollar sign is escaped:
<crypt-password crypt="\$1\$somesalt\$W.KCTbPSiFDGffAGOjcBc."/>
The value of crypt was created in the same way as in UnixMD5CryptUtilTest [1].
We request the blocker flag since using a hashed password is not possible in the Elytron client configuration file, which breaks a feature in RFE EAP7-567 Client Side Security (Elytron Client).
- is cloned by: ELY-1248 Elytron client configuration file throws ConfigXMLParseException when crypt-password is used (Resolved)
- is incorporated by: JBEAP-11640 Revisit hashed-password and crypt-password credentials in Elytron client configuration file (Closed)