[jboss-jira] [JBoss JIRA] (AS7-3168) Admin console: issues with creation of system properties
Rostislav Svoboda (JIRA)
jira-events at lists.jboss.org
Wed Jan 25 08:34:48 EST 2012
[ https://issues.jboss.org/browse/AS7-3168?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Rostislav Svoboda reopened AS7-3168:
------------------------------------
Hi Heiko.
If you are still objecting :), please at least check if the input is ASCII only - see for example http://stackoverflow.com/questions/3585053/in-java-is-it-possible-to-check-if-a-string-is-only-ascii
An enterprise solution should recover from such a trivial attack. Currently you are forced to shut down the server and edit the XML file to see properties again.
Another way should be to simulate the native2ascii tool from the JDK; check the last 3 private methods in http://code.google.com/p/native2ascii/source/browse/trunk/src/cn/edu/buaa/etei/native2ascii/PropertiesBuilder.java?r=7
> Failed to decode response: java.lang.IllegalStateException: Illegal byte 195
When did it happen - when reading properties from the model or when persisting a new property?
> Admin console: issues with creation of system properties
> --------------------------------------------------------
>
> Key: AS7-3168
> URL: https://issues.jboss.org/browse/AS7-3168
> Project: Application Server 7
> Issue Type: Bug
> Components: Console
> Reporter: Jan Martiska
> Assignee: Heiko Braun
> Fix For: 7.1.0.Final
>
>
> Admin console doesn't currently verify the property's name when creating a system property. The creation will fail when it is sent to the server; it should fail in the console itself, because the console can verify whether the property's name is invalid. A server-side failure should only occur when a property with the same name already exists.
> Furthermore, it seems that in some scenarios, when you use an invalid name for a system property, for example one containing some national characters, such as ěščžěščřěščř, the system property WILL get created (and will exist on the server), but the admin console will be UNABLE to show any of the existing system properties - when you navigate to the system property page, it will show an empty table!!!! This will require deleting this property using the CLI before system property management can be used in the admin console again.
> This also happens if the property's value has national characters.
> NOTE: other than system properties, this applies to OSGi framework properties and most likely more property types as well.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.jboss.org/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
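
The two options raised in the comment above (reject input that is not ASCII only, or escape it the way native2ascii does), sketched as an added example; this is not code from the thread or from the JBoss console. The class and method names are hypothetical and the sample inputs are constructed.

```java
import java.nio.charset.CharsetEncoder;
import java.nio.charset.StandardCharsets;

public class PropertyInputCheck {

    // Reject path: true only if every character is encodable as US-ASCII.
    static boolean isAscii(String s) {
        CharsetEncoder ascii = StandardCharsets.US_ASCII.newEncoder();
        return ascii.canEncode(s);
    }

    // Escape path: keep ASCII as-is, write every other UTF-16 code unit as
    // backslash, 'u' and four hex digits (the java.util.Properties notation).
    static String escapeNonAscii(String s) {
        StringBuilder out = new StringBuilder(s.length());
        for (int i = 0; i < s.length(); i++) {
            char c = s.charAt(i);
            if (c > 0x7F) {
                out.append(String.format("\\u%04x", (int) c));
            } else {
                out.append(c);
            }
        }
        return out.toString();
    }

    // Hypothetical console-side check: null means accepted, otherwise the
    // message to show next to the input field.
    static String validate(String field, String input) {
        if (input == null || input.isEmpty()) {
            return field + " must not be empty";
        }
        if (!isAscii(input)) {
            return field + " contains non-ASCII characters; escaped form: "
                    + escapeNonAscii(input);
        }
        return null;
    }

    public static void main(String[] args) {
        // Constructed samples; the second is the first four characters of the
        // name quoted in the issue, written with Unicode escapes.
        String[] names = { "my.prop", "\u011b\u0161\u010d\u017e", "caf\u00e9.dir" };
        for (String name : names) {
            String error = validate("Property name", name);
            System.out.println(error == null ? "OK: " + name : "REJECTED: " + error);
        }
    }
}
```

Running the same check on the property value as well as the name covers the second case the report mentions.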