[jboss-jira] [JBoss JIRA] (WFCORE-1069) Properties authentication in Security Realms does not work with username finishing with backslash

Darran Lofthouse (JIRA) issues at jboss.org
Wed Oct 21 12:00:01 EDT 2015


Darran Lofthouse created WFCORE-1069:
----------------------------------------

             Summary: Properties authentication in Security Realms does not work with username finishing with backslash
                 Key: WFCORE-1069
                 URL: https://issues.jboss.org/browse/WFCORE-1069
             Project: WildFly Core
          Issue Type: Bug
          Components: Domain Management, Security
    Affects Versions: 2.0.0.CR5
            Reporter: Darran Lofthouse
            Assignee: Darran Lofthouse
            Priority: Critical
             Fix For: 2.0.0.CR8


When a username finishes with a backslash, properties authentication in the security realm does not work. It works correctly when a backslash is used in the middle of the username.

The following exception is thrown:
{code}
java.lang.IllegalArgumentException: UT000025: Unexpected token 'delimiters-test", nonce' within header.
	at io.undertow.util.HeaderTokenParser.parseHeader(HeaderTokenParser.java:68)
	at io.undertow.security.impl.DigestAuthorizationToken.parseHeader(DigestAuthorizationToken.java:79)
	at io.undertow.security.impl.DigestAuthenticationMechanism.authenticate(DigestAuthenticationMechanism.java:156)
	at org.jboss.as.domain.http.server.security.AuthenticationMechanismWrapper.authenticate(AuthenticationMechanismWrapper.java:52)
	at io.undertow.security.impl.SecurityContextImpl$AuthAttempter.transition(SecurityContextImpl.java:233)
	at io.undertow.security.impl.SecurityContextImpl$AuthAttempter.transition(SecurityContextImpl.java:250)
	at io.undertow.security.impl.SecurityContextImpl$AuthAttempter.access$100(SecurityContextImpl.java:219)
	at io.undertow.security.impl.SecurityContextImpl.attemptAuthentication(SecurityContextImpl.java:121)
	at io.undertow.security.impl.SecurityContextImpl.authTransition(SecurityContextImpl.java:96)
	at io.undertow.security.impl.SecurityContextImpl.authenticate(SecurityContextImpl.java:89)
	at io.undertow.security.handlers.AuthenticationCallHandler.handleRequest(AuthenticationCallHandler.java:50)
	at io.undertow.server.Connectors.executeRootHandler(Connectors.java:198)
	at io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:784)
	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
	at java.lang.Thread.run(Thread.java:745)
{code}



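The trace above fails in Digest header parsing, where the username travels as an HTTP quoted-string and a backslash starts an escape (quoted-pair). The following is an added example, not part of the original report and not Undertow's parser: it assumes the failure follows from that escaping rule and shows a raw trailing backslash swallowing the closing quote, beside the escaped form that parses. The class and method names are hypothetical, and the username and nonce values are constructed samples.

```java
import java.util.LinkedHashMap;
import java.util.Map;
// Minimal quoted-string handling for Digest Authorization parameters (illustration only).
public class DigestQuotedString {
    // Client side: escape backslash and double quote before wrapping a value in quotes.
    static String quote(String raw) {
        return '"' + raw.replace("\\", "\\\\").replace("\"", "\\\"") + '"';
    }
    // Server side: parse name=value pairs, honouring backslash escapes inside quotes.
    static Map<String, String> parse(String params) {
        Map<String, String> out = new LinkedHashMap<>();
        int i = 0, n = params.length();
        while (i < n) {
            while (i < n && (params.charAt(i) == ',' || params.charAt(i) == ' ')) i++;
            if (i >= n) break;
            int eq = params.indexOf('=', i);
            if (eq < 0) throw new IllegalArgumentException("unexpected token at offset " + i);
            String name = params.substring(i, eq).trim();
            i = eq + 1;
            StringBuilder val = new StringBuilder();
            if (i < n && params.charAt(i) == '"') {
                boolean closed = false;
                for (i++; i < n; i++) {
                    char c = params.charAt(i);
                    if (c == '\\' && i + 1 < n) val.append(params.charAt(++i)); // quoted-pair
                    else if (c == '"') { closed = true; i++; break; }
                    else val.append(c);
                }
                if (!closed) throw new IllegalArgumentException("unterminated value for " + name);
            } else {
                while (i < n && params.charAt(i) != ',') val.append(params.charAt(i++));
            }
            out.put(name, val.toString().trim());
        }
        return out;
    }
    // Returns the parsed parameters, or the reason the header was rejected.
    static String describe(String header) {
        try { return parse(header).toString(); }
        catch (IllegalArgumentException e) { return "rejected: " + e.getMessage(); }
    }
    public static void main(String[] args) {
        String user = "delimiters-test\\"; // constructed sample: ends in a single backslash
        // Raw backslash escapes the closing quote, so username absorbs `", nonce=`.
        String bad = "username=\"" + user + "\", nonce=\"abc123\"";
        System.out.println(bad + "  ->  " + describe(bad));
        String good = "username=" + quote(user) + ", nonce=" + quote("abc123");
        System.out.println(good + "  ->  " + describe(good));
    }
}
```

The first header is rejected after the username value has run on into the `nonce` parameter; the second yields the username with its trailing backslash intact.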