[jboss-jira] [JBoss JIRA] (WFLY-5482) Properties authentication in Security Realms does not work with username finishing with backslash

Ondrej Lukas (JIRA) issues at jboss.org
Wed Oct 7 03:34:00 EDT 2015 

     [ https://issues.jboss.org/browse/WFLY-5482?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Ondrej Lukas updated WFLY-5482:
-------------------------------
           Description: In case when username finish with backslash then properties authentication in security realm does not work. It works correctly when backslash is used in the middle of username.  (was: In case when username finish with backslash then properties authentication in security realm does not work. It works correctly when backslash is used in the middle of username. It works correctly in EAP 6.4.0.)
    Steps to Reproduce: 
1. Create users.properties file with content:
{code}
backslash\\=password
backslash\\inthemiddle=password
{code}

2. Add following security realm to standalone.xml (set path to users.properties file instead of PATH_TO_USERS_PROPERTIES):
{code:xml}
<security-realm name="delimiters-test">
    <authentication>
        <properties path="PATH_TO_USERS_PROPERTIES" plain-text="true"/>
    </authentication>
</security-realm>
{code}

3. Set "delimiters-test" security realm for http-interface:
{code:xml}
<http-interface security-realm="delimiters-test" http-upgrade-enabled="true">
{code}

4. Start server and access page http://localhost:9990/management?operation=attribute&name=server-state

Username: backslash\inthemiddle
Password: password
-> work fine, page with text "running" is displayed

Username: backslash\
Password: password
-> does not work, 401 HTTP status code is returned

     Affects Version/s: 10.0.0.CR2


> Properties authentication in Security Realms does not work with username finishing with backslash
> -------------------------------------------------------------------------------------------------
>
>                 Key: WFLY-5482
>                 URL: https://issues.jboss.org/browse/WFLY-5482
>             Project: WildFly
>          Issue Type: Bug
>          Components: Domain Management, Security
>    Affects Versions: 10.0.0.CR2
>            Reporter: Ondrej Lukas
>            Assignee: Brian Stansberry
>            Priority: Critical
>
> In case when username finish with backslash then properties authentication in security realm does not work. It works correctly when backslash is used in the middle of username.



--
This message was sent by Atlassian JIRA
(v6.4.11#64026)

More information about the jboss-jira mailing list