[jboss-jira] [JBoss JIRA] (ELY-1248) Elytron client configuration file throws ConfigXMLParseException when crypt-password is used

Pedro Igor (JIRA) issues at jboss.org
Wed Jun 21 08:19:00 EDT 2017 

    [ https://issues.jboss.org/browse/ELY-1248?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13424639#comment-13424639 ] 

Pedro Igor commented on ELY-1248:
---------------------------------

Can we close this one as it seems to not be a issue anymore due to https://issues.jboss.org/browse/ELY-1252 ?

> Elytron client configuration file throws ConfigXMLParseException when crypt-password is used
> --------------------------------------------------------------------------------------------
>
>                 Key: ELY-1248
>                 URL: https://issues.jboss.org/browse/ELY-1248
>             Project: WildFly Elytron
>          Issue Type: Bug
>    Affects Versions: 1.1.0.Beta52
>            Reporter: Ondrej Lukas
>            Assignee: Pedro Igor
>            Priority: Blocker
>
> When Elytron client configuration file includes {{configuration.authentication-client.authentication-configurations.configuration.credentials.crypt-password}} element then ConfigXMLParseException is thrown during parsing of configuration file. It seems it is caused by {{$}} char in crypt value. It does not work even if this symbol is escaped.
> For following configuration file:
> {code}
> <configuration>
>     <authentication-client xmlns="urn:elytron:1.0">
>         <authentication-rules>
>             <rule use-configuration="default"/>
>         </authentication-rules>
>         <authentication-configurations>
>             <configuration name="default">
>                 <sasl-mechanism-selector selector="DIGEST-MD5"/>
>                 <credentials>
>                     <crypt-password crypt="$1$somesalt$W.KCTbPSiFDGffAGOjcBc."/>
>                 </credentials>
>             </configuration>
>         </authentication-configurations>
>     </authentication-client>
> </configuration>
> {code}
> following exception is thrown:
> {code}
> org.wildfly.client.config.ConfigXMLParseException: CONF0020: Failed to parse expression value of attribute "crypt"
> 	at org.wildfly.common.expression.Expression.invalidExpressionSyntax(Expression.java:659)
> 	at org.wildfly.common.expression.Expression.parseString(Expression.java:509)
> 	at org.wildfly.common.expression.Expression.compile(Expression.java:203)
> 	at org.wildfly.common.expression.Expression.compile(Expression.java:183)
> 	at org.wildfly.client.config.ConfigurationXMLStreamReader.getExpressionAttributeValue(ConfigurationXMLStreamReader.java:683)
> 	at org.wildfly.client.config.ConfigurationXMLStreamReader.getAttributeValueResolved(ConfigurationXMLStreamReader.java:330)
> 	at org.wildfly.security.auth.client.ElytronXmlParser.lambda$requireSingleAttribute$44(ElytronXmlParser.java:2361)
> 	at org.wildfly.security.auth.client.ElytronXmlParser.requireSingleAttribute(ElytronXmlParser.java:2380)
> 	at org.wildfly.security.auth.client.ElytronXmlParser.requireSingleAttribute(ElytronXmlParser.java:2361)
> 	at org.wildfly.security.auth.client.ElytronXmlParser.parseCryptPassword(ElytronXmlParser.java:1059)
> 	at org.wildfly.security.auth.client.ElytronXmlParser.parseCredentialsType(ElytronXmlParser.java:951)
> 	at org.wildfly.security.auth.client.ElytronXmlParser.parseAuthenticationConfigurationType(ElytronXmlParser.java:714)
> 	at org.wildfly.security.auth.client.ElytronXmlParser.parseAuthenticationConfigurationsType(ElytronXmlParser.java:341)
> 	at org.wildfly.security.auth.client.ElytronXmlParser.parseAuthenticationClientType(ElytronXmlParser.java:273)
> 	at org.wildfly.security.auth.client.ElytronXmlParser.parseAuthenticationClientConfiguration(ElytronXmlParser.java:185)
> 	at org.wildfly.security.auth.client.ElytronXmlParser.parseAuthenticationClientConfiguration(ElytronXmlParser.java:164)
> 	...
> {code}
> It does not work even if dollar sign is escaped:
> {code}
> <crypt-password crypt="\$1\$somesalt\$W.KCTbPSiFDGffAGOjcBc."/>
> {code}
> Value of crypt was created in the same way as in UnixMD5CryptUtilTest [1].
> [1] https://github.com/wildfly-security/wildfly-elytron/blob/371c1334fde7527dedb626232260e6a3f5a988d3/src/test/java/org/wildfly/security/password/impl/UnixMD5CryptUtilTest.java#L69



--
This message was sent by Atlassian JIRA
(v7.2.3#72005)

More information about the jboss-jira mailing list