[jboss-jira] [JBoss JIRA] (ELY-494) DigestServerFactory should only use AvailableRealmsCallback to get realms, not the legacy property list

David Lloyd (JIRA) issues at jboss.org
Tue Apr 12 13:14:00 EDT 2016


    [ https://issues.jboss.org/browse/ELY-494?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13190768#comment-13190768 ] 

David Lloyd commented on ELY-494:
---------------------------------

Upon further reflection, transforming the realm name is probably not a good idea: clients might depend on specific names, and they might be unforgiving about variation.  Better to fail the authentication instead.

> DigestServerFactory should only use AvailableRealmsCallback to get realms, not the legacy property list
> -------------------------------------------------------------------------------------------------------
>
>                 Key: ELY-494
>                 URL: https://issues.jboss.org/browse/ELY-494
>             Project: WildFly Elytron
>          Issue Type: Bug
>          Components: SASL
>            Reporter: David Lloyd
>
> We use a different delimiter for the {{com.sun.security.sasl.digest.realm}} property than the JDK, which uses commas, spaces, newlines, or tab characters.  This makes it impossible to correctly emulate the property to the mechanism while using the callback to acquire the actual list.  Since code changes would likely be required to use the new version with only a comma delimiter, it does not serve any compatibility purpose to continue to support this property.
> Instead we should do three things:
> * Eliminate property support from our DigestSaslServer
> * Add a wrapping SaslServerFactory which detects when a mechanism is trying to acquire a realm list by reading the {{com.sun.security.sasl.digest.realm}} property, and uses the AvailableRealmsCallback to populate it (with a flag to support transformation of spaces, tabs, and newlines to NBSP (0xA0), and remove commas)
> * Add a wrapping SaslServerFactory which allows legacy users to specify a value for {{com.sun.security.sasl.digest.realm}}, and uses it to support AvailableRealmsCallback if that property was set, with programmable delimiters



--
This message was sent by Atlassian JIRA
(v6.4.11#64026)
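
The delimiter mismatch described in the issue, and the fail-instead-of-transform choice from the comment, shown as an added Java example that is not part of the original message or of Elytron's code. The class and method names are hypothetical, the realm names are constructed, and the delimiter set is the one the issue text attributes to the JDK.

```java
import java.util.ArrayList;
import java.util.List;
import java.util.StringTokenizer;
import javax.security.sasl.SaslException;

// Added illustration; class and method names are hypothetical, not Elytron API.
public class RealmPropertyDemo {
    // Delimiters the issue says the JDK splits the realm property on.
    static final String JDK_DELIMS = ", \t\n";

    // Split a property value on commas, spaces, tabs and newlines.
    static List<String> splitLikeJdk(String value) {
        List<String> out = new ArrayList<>();
        StringTokenizer t = new StringTokenizer(value, JDK_DELIMS);
        while (t.hasMoreTokens()) out.add(t.nextToken());
        return out;
    }

    // Build the property value from callback-supplied realm names.
    // transform=true: spaces/tabs/newlines become NBSP (0xA0), commas are removed.
    // transform=false: a name that cannot round-trip fails the authentication.
    static String encode(List<String> realms, boolean transform) throws SaslException {
        StringBuilder sb = new StringBuilder();
        for (String realm : realms) {
            String name = realm;
            if (transform) {
                name = name.replaceAll("[ \t\n]", "\u00A0").replace(",", "");
            } else if (!splitLikeJdk(name).equals(List.of(name))) {
                throw new SaslException("Realm name cannot be represented in the property: " + realm);
            }
            if (sb.length() > 0) sb.append(',');
            sb.append(name);
        }
        return sb.toString();
    }

    public static void main(String[] args) throws SaslException {
        List<String> realms = List.of("Sales Realm", "ops"); // constructed sample
        // Naive join: the split yields three realms instead of two.
        System.out.println(splitLikeJdk(String.join(",", realms)));
        // Transformed: two realms survive, but the first is no longer the name clients know.
        System.out.println(splitLikeJdk(encode(realms, true)));
        try {
            encode(realms, false); // strict mode rejects "Sales Realm"
        } catch (SaslException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```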