Uploaded image for project: 'JBoss Enterprise Application Platform'
  1. JBoss Enterprise Application Platform
  2. JBEAP-9975

Elytron, incorrect IPv6 address resolution in SetMechanismInformationMechanismFactory

    XMLWordPrintable

Details

    • Bug
    • Resolution: Done
    • Blocker
    • 7.1.0.DR17
    • 7.1.0.DR15
    • Security
    • None
    • Hide
      Show
      Follows step https://doc-stage.usersys.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.1.alpha/html-single/how_to_set_up_sso_with_kerberos/#secure_mgmt_interface_krb_elytron in IPv6 environment * /subsystem=elytron/http-authentication-factory=example-krb-http-auth:add( \ http-server-mechanism-factory=global, \ security-domain=exampleFsSD, \ mechanism-configurations=[ \ { \ mechanism-name=SPNEGO,\ mechanism-realm-configurations= \ [ \ { \ realm-name=exampleFsSD \ } \ ], \ host-name=[::1],\ credential-security-factory=krbSF \ } \ ] \ ) Ensure in /etc/hosts there is not line similar ::1 localhost6.localdomain6 localhost6 , otherwise [::1] resolves into localhost6

    Description

      There is code in Elytron

      SetMechanismInformationMechanismFactory.java
      @Override
            public void evaluateRequest(HttpServerRequest request) throws HttpAuthenticationException {
                String host = request.getFirstRequestHeaderValue(HOST);
                String resolvedHostName = null;
                if (host != null) {
                  if (host.startsWith("[")) {
                      int close = host.indexOf(']');
                      if (close > 0) {
                          resolvedHostName = host.substring(0, close);
                      }
                  }

      I assume intention of this code is to get from e.g. "[::1]:8080" just "[::1]", but now it gets only "[::1". To achieve this my assumption, there should be rather

      resolvedHostName = host.substring(0, close + 1);

      Attachments

        Issue Links

          is cloned by

          Bug - A problem that impairs or prevents the functions of the product. ELY-1040 Elytron, incorrect IPv6 address resolution

          • Critical - To be worked on immediately following BLOCKER issues.
          • Resolved
          is incorporated by

          Component Upgrade - A task tracking an update to a bundled component or revision of component upstream of the project. JBEAP-10016 Upgrade WildFly Elytron to 1.1.0.Beta35

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Verified

          Activity

            People

              thofman Tomas Hofman
              mchoma@redhat.com Martin Choma
              Martin Choma Martin Choma
              Martin Choma Martin Choma
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: