[
https://issues.jboss.org/browse/WFLY-5561?page=com.atlassian.jira.plugin....
]
Darran Lofthouse commented on WFLY-5561:
----------------------------------------
Am flagging as blocker so not accidentally bumped to the next release - this can be marked
as resolved as soon as the next core update is in.
Digest authentication mechanism unable to parse headers where
username terminated with trailing '\'
---------------------------------------------------------------------------------------------------
Key: WFLY-5561
URL:
https://issues.jboss.org/browse/WFLY-5561
Project: WildFly
Issue Type: Bug
Components: Security
Affects Versions: 10.0.0.CR3
Reporter: Darran Lofthouse
Assignee: Darran Lofthouse
Priority: Blocker
Fix For: 10.0.0.Final
In case when username finish with backslash then properties authentication in security
realm does not work. It works correctly when backslash is used in the middle of username.
Following expection is thrown:
{code}
java.lang.IllegalArgumentException: UT000025: Unexpected token
'delimiters-test", nonce' within header.
at io.undertow.util.HeaderTokenParser.parseHeader(HeaderTokenParser.java:68)
at
io.undertow.security.impl.DigestAuthorizationToken.parseHeader(DigestAuthorizationToken.java:79)
at
io.undertow.security.impl.DigestAuthenticationMechanism.authenticate(DigestAuthenticationMechanism.java:156)
at
org.jboss.as.domain.http.server.security.AuthenticationMechanismWrapper.authenticate(AuthenticationMechanismWrapper.java:52)
at
io.undertow.security.impl.SecurityContextImpl$AuthAttempter.transition(SecurityContextImpl.java:233)
at
io.undertow.security.impl.SecurityContextImpl$AuthAttempter.transition(SecurityContextImpl.java:250)
at
io.undertow.security.impl.SecurityContextImpl$AuthAttempter.access$100(SecurityContextImpl.java:219)
at
io.undertow.security.impl.SecurityContextImpl.attemptAuthentication(SecurityContextImpl.java:121)
at
io.undertow.security.impl.SecurityContextImpl.authTransition(SecurityContextImpl.java:96)
at
io.undertow.security.impl.SecurityContextImpl.authenticate(SecurityContextImpl.java:89)
at
io.undertow.security.handlers.AuthenticationCallHandler.handleRequest(AuthenticationCallHandler.java:50)
at io.undertow.server.Connectors.executeRootHandler(Connectors.java:198)
at io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:784)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
at java.lang.Thread.run(Thread.java:745)
{code}
--
This message was sent by Atlassian JIRA
(v6.4.11#64026)