[jboss-jira] [JBoss JIRA] (ELY-691) Elytron properties-realm is not compatible with legacy user property files

Ondrej Lukas (JIRA) issues at jboss.org
Wed Oct 26 09:03:01 EDT 2016


     [ https://issues.jboss.org/browse/ELY-691?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Ondrej Lukas updated ELY-691:
-----------------------------
    Steps to Reproduce: 
To try how it works in the legacy security solution: 
1) Add the following to {{$SERVER_HOME/standalone/configuration/mgmt-users.properties}}:
{code}
elytron:password
!elytron=password
elytronumlautöäü=password
elytron用戶=password
backslash\\=password
backslash\\inthemiddle=password
dn\=elytron,dc\=wildfly,dc\=org=password
elytron1=pass=word
elytron2=password\\
elytron3=pass\\word
elytron4=passwordWithumlautöäü
elytron5=用戶
{code}

2) configure ManagementRealm to use plain-text password:
{code}
/core-service=management/security-realm=ManagementRealm/authentication=properties:write-attribute(name=plain-text,value=true)
{code}

3) remove local authentication:
{code}
/core-service=management/security-realm=ManagementRealm/authentication=local:remove()
{code}

4) Try to log in to jboss-cli with the users mentioned in this JIRA description -> all pass (except {{!elytron/password}}, which correctly fails)


To reproduce this issue in Elytron, use the related tests from {{org.wildfly.security.auth.realm.LegacyPropertiesSecurityRealmTest}} in the Elytron unit tests.


> Elytron properties-realm is not compatible with legacy user property files
> --------------------------------------------------------------------------
>
>                 Key: ELY-691
>                 URL: https://issues.jboss.org/browse/ELY-691
>             Project: WildFly Elytron
>          Issue Type: Bug
>    Affects Versions: 1.1.0.Beta11
>            Reporter: Ondrej Lukas
>            Assignee: Darran Lofthouse
>            Priority: Critical
>
> When a users properties file (e.g. mgmt-users.properties) used by the legacy properties security realm is taken and used with the Elytron properties-realm (backed by {{org.wildfly.security.auth.realm.LegacyPropertiesSecurityRealm}}), there exist username/password combinations which do not work correctly.
> The following scenarios, which use the username/password combinations mentioned below, work correctly for a properties file used by the legacy solution and do not work for Elytron:
> {code}
> elytron:password                            // results to username elytron with password password
> elytronumlautöäü=password                   // results to username elytronumlautöäü with password password
> elytron用戶=password                        // results to username elytron用戶 with password password
> backslash\\=password                        // results to username backslash\ with password password
> backslash\\inthemiddle=password             // results to username backslash\inthemiddle with password password
> dn\=elytron,dc\=wildfly,dc\=org=password    // results to username dn=elytron,dc=wildfly,dc=org with password password
> elytron1=pass=word                          // results to username elytron1 with password pass=word - covered by JBEAP-6581
> elytron2=password\\                         // results to username elytron2 with password password\
> elytron3=pass\\word                         // results to username elytron3 with password pass\word
> elytron4=passwordWithumlautöäü              // results to username elytron4 with password passwordWithumlautöäü
> elytron5=用戶                               // results to username elytron5 with password 用戶
> {code}
> Also, '!' can be used for comments. It means that {{!elytron=password}} should not be considered as user {{!elytron}} but as a comment.



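Added example, not part of the original message and not Elytron or WildFly code: a small Python reader for the java.util.Properties line format, which the legacy behaviour listed in the description matches (':' as separator, '!' for comments, backslash escapes). That the legacy realm follows this format is an assumption, and the function names are illustrative.

```python
# Added illustration, not Elytron or WildFly code: a minimal reader for the
# java.util.Properties line format (assumption: legacy user files follow it).
# Line continuation and \uXXXX escapes are left out.
WS = " \t\f"
ESCAPES = {"t": "\t", "n": "\n", "r": "\r", "f": "\f"}

# Constructed sample: the entries listed in the issue description.
SAMPLE = r"""elytron:password
!elytron=password
elytronumlautöäü=password
elytron用戶=password
backslash\\=password
backslash\\inthemiddle=password
dn\=elytron,dc\=wildfly,dc\=org=password
elytron1=pass=word
elytron2=password\\
elytron3=pass\\word
elytron4=passwordWithumlautöäü
elytron5=用戶"""

def unescape(raw):
    """Resolve backslash escapes; unknown escapes keep the escaped character."""
    out, i = [], 0
    while i < len(raw):
        ch = raw[i]
        if ch == "\\" and i + 1 < len(raw):
            i += 1
            ch = ESCAPES.get(raw[i], raw[i])
        out.append(ch)
        i += 1
    return "".join(out)

def parse_line(line):
    """Return (username, password), or None for a blank or comment line."""
    line = line.lstrip(WS)
    if not line or line[0] in "#!":
        return None
    i = 0
    while i < len(line) and line[i] not in "=:" + WS:
        i += 2 if line[i] == "\\" else 1  # an escaped character never ends the key
    key, rest = line[:i], line[i:].lstrip(WS)
    if rest[:1] in ("=", ":"):
        rest = rest[1:].lstrip(WS)
    return unescape(key), unescape(rest)

def load_users(text):
    """Map username to password for every non-comment line."""
    return dict(filter(None, map(parse_line, text.split("\n"))))
```

The mapping returned by load_users(SAMPLE) can be compared against what a properties-realm implementation accepts for the same file.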