[jboss-jira] [JBoss JIRA] (WFCORE-1040) Properties authentication in Security Realms does not work with username finishing with backslash
Brian Stansberry (JIRA)
issues at jboss.org
Wed Oct 7 14:01:01 EDT 2015
[ https://issues.jboss.org/browse/WFCORE-1040?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Brian Stansberry moved WFLY-5482 to WFCORE-1040:
------------------------------------------------
Project: WildFly Core (was: WildFly)
Key: WFCORE-1040 (was: WFLY-5482)
Component/s: Domain Management, Security (was: Domain Management, Security)
Affects Version/s: 2.0.0.CR5 (was: 10.0.0.CR2)
> Properties authentication in Security Realms does not work with username finishing with backslash
> -------------------------------------------------------------------------------------------------
>
> Key: WFCORE-1040
> URL: https://issues.jboss.org/browse/WFCORE-1040
> Project: WildFly Core
> Issue Type: Bug
> Components: Domain Management, Security
> Affects Versions: 2.0.0.CR5
> Reporter: Ondrej Lukas
> Assignee: Brian Stansberry
> Priority: Critical
>
> When the username ends with a backslash, properties authentication in the security realm does not work. It works correctly when the backslash is used in the middle of the username.
> The following exception is thrown:
> {code}
> java.lang.IllegalArgumentException: UT000025: Unexpected token 'delimiters-test", nonce' within header.
> at io.undertow.util.HeaderTokenParser.parseHeader(HeaderTokenParser.java:68)
> at io.undertow.security.impl.DigestAuthorizationToken.parseHeader(DigestAuthorizationToken.java:79)
> at io.undertow.security.impl.DigestAuthenticationMechanism.authenticate(DigestAuthenticationMechanism.java:156)
> at org.jboss.as.domain.http.server.security.AuthenticationMechanismWrapper.authenticate(AuthenticationMechanismWrapper.java:52)
> at io.undertow.security.impl.SecurityContextImpl$AuthAttempter.transition(SecurityContextImpl.java:233)
> at io.undertow.security.impl.SecurityContextImpl$AuthAttempter.transition(SecurityContextImpl.java:250)
> at io.undertow.security.impl.SecurityContextImpl$AuthAttempter.access$100(SecurityContextImpl.java:219)
> at io.undertow.security.impl.SecurityContextImpl.attemptAuthentication(SecurityContextImpl.java:121)
> at io.undertow.security.impl.SecurityContextImpl.authTransition(SecurityContextImpl.java:96)
> at io.undertow.security.impl.SecurityContextImpl.authenticate(SecurityContextImpl.java:89)
> at io.undertow.security.handlers.AuthenticationCallHandler.handleRequest(AuthenticationCallHandler.java:50)
> at io.undertow.server.Connectors.executeRootHandler(Connectors.java:198)
> at io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:784)
> at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
> at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
> at java.lang.Thread.run(Thread.java:745)
> {code}
--
This message was sent by Atlassian JIRA
(v6.4.11#64026)
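
Added example, not part of the original message and not Undertow or WildFly code: a minimal quoted-string parser for a Digest `Authorization` header, showing one way a trailing backslash can yield an error of the shape reported above. It assumes, which the report does not state, that the username reached the server unescaped inside the quoted `username` parameter; the class name, the header values and the use of `delimiters-test` as the realm are constructed for illustration.

```java
import java.util.LinkedHashMap;
import java.util.Map;

// Added illustration; not Undertow's HeaderTokenParser. All header values are constructed.
public class DigestQuotedStringDemo {

    // Parse name="value" pairs, treating backslash as the quoted-pair escape character.
    static Map<String, String> parse(String header) {
        Map<String, String> out = new LinkedHashMap<>();
        int i = 0, n = header.length();
        while (i < n) {
            int eq = header.indexOf('=', i);
            if (eq < 0) throw new IllegalArgumentException("Unexpected token '" + header.substring(i) + "'");
            String name = header.substring(i, eq).trim();
            if (name.isEmpty() || name.indexOf('"') >= 0)
                throw new IllegalArgumentException("Unexpected token '" + name + "'");
            i = eq + 1;
            if (i >= n || header.charAt(i) != '"') throw new IllegalArgumentException("Expected quote after " + name);
            StringBuilder v = new StringBuilder();
            boolean closed = false;
            for (i++; i < n; i++) {
                char c = header.charAt(i);
                if (c == '\\' && i + 1 < n) { v.append(header.charAt(++i)); } // escaped char, taken literally
                else if (c == '"') { closed = true; i++; break; }             // unescaped quote ends the value
                else v.append(c);
            }
            if (!closed) throw new IllegalArgumentException("Unterminated value for " + name);
            out.put(name, v.toString());
            while (i < n && (header.charAt(i) == ',' || header.charAt(i) == ' ')) i++;
        }
        return out;
    }

    // Escape a value for a quoted-string: backslash and double quote each get a leading backslash.
    static String quote(String s) {
        return '"' + s.replace("\\", "\\\\").replace("\"", "\\\"") + '"';
    }

    public static void main(String[] args) {
        String user = "admin\\"; // constructed username ending in a single backslash
        String tail = ", realm=\"delimiters-test\", nonce=\"abc\"";
        System.out.println(parse("username=" + quote(user) + tail)); // escaped: three fields parsed
        try {
            parse("username=\"" + user + "\"" + tail); // raw: \" swallows the closing quote
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

With the raw username, the backslash escapes the closing quote, the value runs on until the quote that opens the realm, and the parser then reads `delimiters-test", nonce` as a parameter name and rejects it.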