[jboss-jira] [JBoss JIRA] (WFCORE-4582) Cannot create user with underscores in the name

Tue Jul 30 02:15:00 EDT 2019

    [ https://issues.jboss.org/browse/WFCORE-4582?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13764517#comment-13764517 ] 

Thorsten Heit commented on WFCORE-4582:
---------------------------------------

What puzzles me:
Yesterday I've added an entry in {{<wildfly_home>/standalone/configuration/application-users.properties}} by manually creating the password hash according to the description in this file:

{code:bash}
%> echo "user_name=`echo -n 'user_name:ApplicationRealm:password' | md5sum | sed -e 's: \*-::g'`" >> standalone/configuration/application-users.properties
{code}

I then was able to access my application via basic authentication by using the above user_name:password entry...

It seems to me that only the add-user script / tool isn't currently able to create such users.

> Cannot create user with underscores in the name
> -----------------------------------------------
>
>                 Key: WFCORE-4582
>                 URL: https://issues.jboss.org/browse/WFCORE-4582
>             Project: WildFly Core
>          Issue Type: Enhancement
>    Affects Versions: 10.0.0.Beta2
>            Reporter: Thorsten Heit
>            Assignee: Jeff Mesnil
>            Priority: Minor
>
> On a fresh a Wildfly install (tested on 11.0.0.Final and 17.0.0.Final) I cannot create application users with underscores in the user name:
> {noformat}
> C:\Users\thorsten\bin\wildfly-11.0.0.Final\bin>add-user
> WARNING: An illegal reflective access operation has occurred
> WARNING: Illegal reflective access by __redirected.__SAXParserFactory (file:/C:/Users/thorsten/bin/wildfly-11.0.0.Final/jboss-modules.jar) to c
> onstructor com.sun.org.apache.xerces.internal.jaxp.SAXParserFactoryImpl()
> WARNING: Please consider reporting this to the maintainers of __redirected.__SAXParserFactory
> WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations
> WARNING: All illegal access operations will be denied in a future release
> What type of user do you wish to add?
>  a) Management User (mgmt-users.properties)
>  b) Application User (application-users.properties)
> (a): b
> Enter the details of the new user to add.
> Using realm 'ApplicationRealm' as discovered from the existing property files.
> Username : user_name
>  * Error *
> WFLYDM0028: Username must be alphanumeric with the exception of the following accepted symbols (",", "-", ".", "/", "=", "@", "\")
> Username (user_name) :
> {noformat}
> We use basic authentification to restrict access to our applications, and expect usernames in the format {{<prefix>\_<suffix>}} with {{<prefix>}} being a sequence of plain letters (a-z), followed by an underscore ("\_") and a number as {{<suffix>}}.
> This is possible with WebSphere and even Tomcat, but actually not in Wildfly.

--
This message was sent by Atlassian Jira
(v7.12.1#712002)