-
Bug
-
Resolution: Done
-
Blocker
-
10.0.0.CR3
-
None
In case when username finish with backslash then properties authentication in security realm does not work. It works correctly when backslash is used in the middle of username.
Following expection is thrown:
java.lang.IllegalArgumentException: UT000025: Unexpected token 'delimiters-test", nonce' within header. at io.undertow.util.HeaderTokenParser.parseHeader(HeaderTokenParser.java:68) at io.undertow.security.impl.DigestAuthorizationToken.parseHeader(DigestAuthorizationToken.java:79) at io.undertow.security.impl.DigestAuthenticationMechanism.authenticate(DigestAuthenticationMechanism.java:156) at org.jboss.as.domain.http.server.security.AuthenticationMechanismWrapper.authenticate(AuthenticationMechanismWrapper.java:52) at io.undertow.security.impl.SecurityContextImpl$AuthAttempter.transition(SecurityContextImpl.java:233) at io.undertow.security.impl.SecurityContextImpl$AuthAttempter.transition(SecurityContextImpl.java:250) at io.undertow.security.impl.SecurityContextImpl$AuthAttempter.access$100(SecurityContextImpl.java:219) at io.undertow.security.impl.SecurityContextImpl.attemptAuthentication(SecurityContextImpl.java:121) at io.undertow.security.impl.SecurityContextImpl.authTransition(SecurityContextImpl.java:96) at io.undertow.security.impl.SecurityContextImpl.authenticate(SecurityContextImpl.java:89) at io.undertow.security.handlers.AuthenticationCallHandler.handleRequest(AuthenticationCallHandler.java:50) at io.undertow.server.Connectors.executeRootHandler(Connectors.java:198) at io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:784) at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) at java.lang.Thread.run(Thread.java:745)
- blocks
-
JBEAP-1274 Properties authentication in Security Realms does not work with username finishing with backslash
- Closed
- clones
-
WFCORE-1040 Digest authentication mechanism unable to parse headers where username terminated with trailing '\'
- Resolved
- is blocked by
-
WFCORE-1072 Upgrade to Undertow 1.3.2.Final
- Resolved