Loading...

XML

Word

Printable

Type: Bug
Resolution: Done
Priority: Critical
Fix Version/s: 7.0.0.DR12
Affects Version/s: 7.0.0.DR11
Component/s: Management, Security
Labels:
None

CDW devel_ack:
CDW docs_ack:
CDW pm_ack:
CDW qa_ack:
CDW release:
Target Release:

7.0.0.GA
Steps to Reproduce:
Hide

1. Create users.properties file with content:

backslash\\=password backslash\\inthemiddle=password

2. Add following security realm to standalone.xml (set path to users.properties file instead of PATH_TO_USERS_PROPERTIES):

<security-realm name="delimiters-test"> <authentication> <properties path="PATH_TO_USERS_PROPERTIES" plain-text="true"/> </authentication> </security-realm>

3. Set "delimiters-test" security realm for http-interface:

<http-interface security-realm="delimiters-test" http-upgrade-enabled="true">

4. Start server and access page http://localhost:9990/management?operation=attribute&name=server-state

Username: backslash\inthemiddle
Password: password
-> work fine, page with text "running" is displayed

Username: backslash\
Password: password
-> does not work, 401 HTTP status code is returned
Show
1. Create users.properties file with content: backslash\\=password backslash\\inthemiddle=password 2. Add following security realm to standalone.xml (set path to users.properties file instead of PATH_TO_USERS_PROPERTIES): <security-realm name= "delimiters-test" > <authentication> <properties path= "PATH_TO_USERS_PROPERTIES" plain-text= "true" /> </authentication> </security-realm> 3. Set "delimiters-test" security realm for http-interface: <http-interface security-realm= "delimiters-test" http-upgrade-enabled= "true" > 4. Start server and access page http://localhost:9990/management?operation=attribute&name=server-state Username: backslash\inthemiddle Password: password -> work fine, page with text "running" is displayed Username: backslash\ Password: password -> does not work, 401 HTTP status code is returned

SFDC Cases Counter:
SFDC Cases Open:
SFDC Cases Links:

In case when username finish with backslash then properties authentication in security realm does not work. It works correctly when backslash is used in the middle of username. It works correctly in EAP 6.4.0.

Following expection is thrown:

java.lang.IllegalArgumentException: UT000025: Unexpected token 'delimiters-test", nonce' within header.
	at io.undertow.util.HeaderTokenParser.parseHeader(HeaderTokenParser.java:68)
	at io.undertow.security.impl.DigestAuthorizationToken.parseHeader(DigestAuthorizationToken.java:79)
	at io.undertow.security.impl.DigestAuthenticationMechanism.authenticate(DigestAuthenticationMechanism.java:156)
	at org.jboss.as.domain.http.server.security.AuthenticationMechanismWrapper.authenticate(AuthenticationMechanismWrapper.java:52)
	at io.undertow.security.impl.SecurityContextImpl$AuthAttempter.transition(SecurityContextImpl.java:233)
	at io.undertow.security.impl.SecurityContextImpl$AuthAttempter.transition(SecurityContextImpl.java:250)
	at io.undertow.security.impl.SecurityContextImpl$AuthAttempter.access$100(SecurityContextImpl.java:219)
	at io.undertow.security.impl.SecurityContextImpl.attemptAuthentication(SecurityContextImpl.java:121)
	at io.undertow.security.impl.SecurityContextImpl.authTransition(SecurityContextImpl.java:96)
	at io.undertow.security.impl.SecurityContextImpl.authenticate(SecurityContextImpl.java:89)
	at io.undertow.security.handlers.AuthenticationCallHandler.handleRequest(AuthenticationCallHandler.java:50)
	at io.undertow.server.Connectors.executeRootHandler(Connectors.java:198)
	at io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:784)
	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
	at java.lang.Thread.run(Thread.java:745)

is blocked by

WFCORE-1040 Digest authentication mechanism unable to parse headers where username terminated with trailing '\'

Resolved

WFLY-5561 Digest authentication mechanism unable to parse headers where username terminated with trailing '\'

Closed

is cloned by

WFCORE-1040 Digest authentication mechanism unable to parse headers where username terminated with trailing '\'

Resolved

Assignee:: Darran Lofthouse

Reporter:: Ondrej Lukas (Inactive)

Tester:: Ondrej Lukas (Inactive)

QA Contact:: Ondrej Lukas (Inactive)

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Created:: 2015/10/07 3:31 AM

Updated:: 2020/09/14 5:31 AM

Resolved:: 2015/11/03 11:14 AM

Details

Description

Attachments

Issue Links

Easy Agile Planning Poker

Activity

People

Dates