[jboss-jira] [JBoss JIRA] (WFLY-5482) Properties authentication in Security Realms does not work with username finishing with backslash

Ondrej Lukas (JIRA) issues at jboss.org
Wed Oct 7 03:44:00 EDT 2015 

     [ https://issues.jboss.org/browse/WFLY-5482?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Ondrej Lukas updated WFLY-5482:
-------------------------------
    Description: 
In case when username finish with backslash then properties authentication in security realm does not work. It works correctly when backslash is used in the middle of username.

Following expection is thrown:
{code}
java.lang.IllegalArgumentException: UT000025: Unexpected token 'delimiters-test", nonce' within header.
	at io.undertow.util.HeaderTokenParser.parseHeader(HeaderTokenParser.java:68)
	at io.undertow.security.impl.DigestAuthorizationToken.parseHeader(DigestAuthorizationToken.java:79)
	at io.undertow.security.impl.DigestAuthenticationMechanism.authenticate(DigestAuthenticationMechanism.java:156)
	at org.jboss.as.domain.http.server.security.AuthenticationMechanismWrapper.authenticate(AuthenticationMechanismWrapper.java:52)
	at io.undertow.security.impl.SecurityContextImpl$AuthAttempter.transition(SecurityContextImpl.java:233)
	at io.undertow.security.impl.SecurityContextImpl$AuthAttempter.transition(SecurityContextImpl.java:250)
	at io.undertow.security.impl.SecurityContextImpl$AuthAttempter.access$100(SecurityContextImpl.java:219)
	at io.undertow.security.impl.SecurityContextImpl.attemptAuthentication(SecurityContextImpl.java:121)
	at io.undertow.security.impl.SecurityContextImpl.authTransition(SecurityContextImpl.java:96)
	at io.undertow.security.impl.SecurityContextImpl.authenticate(SecurityContextImpl.java:89)
	at io.undertow.security.handlers.AuthenticationCallHandler.handleRequest(AuthenticationCallHandler.java:50)
	at io.undertow.server.Connectors.executeRootHandler(Connectors.java:198)
	at io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:784)
	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
	at java.lang.Thread.run(Thread.java:745)
{code}

  was:In case when username finish with backslash then properties authentication in security realm does not work. It works correctly when backslash is used in the middle of username.



> Properties authentication in Security Realms does not work with username finishing with backslash
> -------------------------------------------------------------------------------------------------
>
>                 Key: WFLY-5482
>                 URL: https://issues.jboss.org/browse/WFLY-5482
>             Project: WildFly
>          Issue Type: Bug
>          Components: Domain Management, Security
>    Affects Versions: 10.0.0.CR2
>            Reporter: Ondrej Lukas
>            Assignee: Brian Stansberry
>            Priority: Critical
>
> In case when username finish with backslash then properties authentication in security realm does not work. It works correctly when backslash is used in the middle of username.
> Following expection is thrown:
> {code}
> java.lang.IllegalArgumentException: UT000025: Unexpected token 'delimiters-test", nonce' within header.
> 	at io.undertow.util.HeaderTokenParser.parseHeader(HeaderTokenParser.java:68)
> 	at io.undertow.security.impl.DigestAuthorizationToken.parseHeader(DigestAuthorizationToken.java:79)
> 	at io.undertow.security.impl.DigestAuthenticationMechanism.authenticate(DigestAuthenticationMechanism.java:156)
> 	at org.jboss.as.domain.http.server.security.AuthenticationMechanismWrapper.authenticate(AuthenticationMechanismWrapper.java:52)
> 	at io.undertow.security.impl.SecurityContextImpl$AuthAttempter.transition(SecurityContextImpl.java:233)
> 	at io.undertow.security.impl.SecurityContextImpl$AuthAttempter.transition(SecurityContextImpl.java:250)
> 	at io.undertow.security.impl.SecurityContextImpl$AuthAttempter.access$100(SecurityContextImpl.java:219)
> 	at io.undertow.security.impl.SecurityContextImpl.attemptAuthentication(SecurityContextImpl.java:121)
> 	at io.undertow.security.impl.SecurityContextImpl.authTransition(SecurityContextImpl.java:96)
> 	at io.undertow.security.impl.SecurityContextImpl.authenticate(SecurityContextImpl.java:89)
> 	at io.undertow.security.handlers.AuthenticationCallHandler.handleRequest(AuthenticationCallHandler.java:50)
> 	at io.undertow.server.Connectors.executeRootHandler(Connectors.java:198)
> 	at io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:784)
> 	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
> 	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
> 	at java.lang.Thread.run(Thread.java:745)
> {code}



--
This message was sent by Atlassian JIRA
(v6.4.11#64026)

More information about the jboss-jira mailing list