Uploaded image for project: 'JBoss Enterprise Application Platform'
  1. JBoss Enterprise Application Platform
  2. JBEAP-8810

User names in Elytron FileSystemRealm are not case sensitive on Windows

    XMLWordPrintable

Details

    • Not Required
    • Hide

      See BasicAuthnTestCase in https://github.com/wildfly/wildfly/pull/9619.

      Add user1 to a filesystem realm (lowercase 'u'):

      /subsystem=elytron/filesystem-realm=ApplicationFsRealm/identity=user1:add()
/subsystem=elytron/filesystem-realm=ApplicationFsRealm/identity=user1:set-password(clear={password="password1"})
/subsystem=elytron/filesystem-realm=ApplicationFsRealm/identity=user1:add-attribute(name=groups, value=["Users","Role1"])

      Try to log into application (mapped to the filesystem realm) as User1 (uppercase 'U') - it fails on Linux, but it passes on Windows.

      Show
      See BasicAuthnTestCase in https://github.com/wildfly/wildfly/pull/9619 . Add user1 to a filesystem realm (lowercase 'u'): /subsystem=elytron/filesystem-realm=ApplicationFsRealm/identity=user1:add() /subsystem=elytron/filesystem-realm=ApplicationFsRealm/identity=user1:set-password(clear={password= "password1" }) /subsystem=elytron/filesystem-realm=ApplicationFsRealm/identity=user1:add-attribute(name=groups, value=[ "Users" , "Role1" ]) Try to log into application (mapped to the filesystem realm) as User1 (uppercase 'U') - it fails on Linux, but it passes on Windows.

    Description

      User names are case sensitive on Linux but not on Windows when using the Elytron FileSystemSecurityRealm

      This is IMO a security issue. And it also affects platform certifications.

      If this is by any chance an expected behavior, then it has to be emphasized in documentation and in the domain model too (description of file-system-realm)

      Attachments

        Issue Links

          is cloned by

          Bug - A problem that impairs or prevents the functions of the product. ELY-945 User names in Elytron FileSystemRealm are not case sensitive on Windows

          • Blocker - To be worked above all other priorities. This term is chosen when the severity of the issue is very high, has no workaround, or the effort for the change is comparatively low. Issues that may be very publicly visible and could generate significant media attention may also drive a higher priority.
          • Resolved

          Bug - A problem that impairs or prevents the functions of the product. WFCORE-2560 User names in Elytron FileSystemRealm are not case sensitive on Windows

          • Blocker - To be worked above all other priorities. This term is chosen when the severity of the issue is very high, has no workaround, or the effort for the change is comparatively low. Issues that may be very publicly visible and could generate significant media attention may also drive a higher priority.
          • Resolved
          is incorporated by

          Component Upgrade - A task tracking an update to a bundled component or revision of component upstream of the project. JBEAP-9571 (7.1.0) Upgrade to WildFly Core to 3.0.0.Beta13

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Verified

          Component Upgrade - A task tracking an update to a bundled component or revision of component upstream of the project. JBEAP-10845 (7.1.0) Upgrade to WildFly Core to 3.0.0.Beta23

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Verified

          Component Upgrade - A task tracking an update to a bundled component or revision of component upstream of the project. JBEAP-11020 Upgrade WildFly Elytron to 1.1.0.Beta44

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Verified
          relates to

          Bug - A problem that impairs or prevents the functions of the product. JBEAP-10255 Elytron, remove case-sensistive attribute from security realm configurations

          • Blocker - To be worked above all other priorities. This term is chosen when the severity of the issue is very high, has no workaround, or the effort for the change is comparatively low. Issues that may be very publicly visible and could generate significant media attention may also drive a higher priority.
          • Verified

          Activity

            People

              jkalina@redhat.com Jan Kalina (Inactive)
              josef.cacek@gmail.com Josef Cacek (Inactive)
              Votes:
              0 Vote for this issue
              Watchers:
              7 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: