WildFly Elytron / ELY-1046

Elytron properties-realm doesn't handle unicode sequences

    Details

    • Steps to Reproduce:

      Store attached property files in standalone/configuration (replace existing ones). They contain 3 users mapped to JBossAdmin role. The usernames are the same as passwords:

      • user
      • admin
      • @!#?$%^&*()%+-{}用戶名اسمالمستخدمžščřžďťňäáéěëíýóůúüŽŠČŘŽĎŤŇÄÁÉĚËÍÝÓŮÚÜ

      Use the following CLI command to reconfigure the server to use plain-text credentials (legacy security way):

      /core-service=management/security-realm=ApplicationRealm/authentication=properties:write-attribute(name=plain-text, value=true)
      

      Deploy attached application and open it:

      http://localhost:8080/secured/

      Try to authenticate with all the usernames -> all 3 pass in this legacy configuration. Principal names are returned as response bodies.

      Reconfigure server to use Elytron:

      /subsystem=elytron/properties-realm=ApplicationRealm:write-attribute(name=users-properties.plain-text, value=true)
      /subsystem=undertow/application-security-domain=other:add(http-authentication-factory=application-http-authentication)
      reload

      Try again to authenticate with all the usernames -> only the "user" one passes, because the other 2 have Unicode escape sequences in them and Elytron is not able to handle them.

      Description

      Users who use property-file based authentication with plain passwords can't authenticate with Elytron if the property file contains Unicode escape sequences (e.g. a file generated by the classic java.util.Properties). The same authentication works with the legacy solution (/core-service=management/security-realm=ApplicationRealm/authentication=properties(plain-text=true, ...)).

      The LegacyPropertiesSecurityRealm implementation has to be able to support properties files which were supported by legacy security realms.
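      To make the failure mode concrete, the following is an added example (Python, not Elytron or WildFly code) that models the java.util.Properties escape rules the report refers to. store(OutputStream) writes every character outside printable ASCII as a \uXXXX escape (and backslash-escapes '=', ':', '#', '!' and spaces in keys); load() decodes them again. A realm that reads the file as raw text and compares what sits between '=' and end of line never sees the original username or password, while a load()-style decoder matches all three users. The users file content is constructed; the hand-escaped `\u0061dmin` line is an assumption about how the attached file spells "admin" (the report says that user also fails), and all function names are the example's own.

```python
import re

# Third username from the report (password == username).
UNICODE_USER = "@!#?$%^&*()%+-{}用戶名اسمالمستخدمžščřžďťňäáéěëíýóůúüŽŠČŘŽĎŤŇÄÁÉĚËÍÝÓŮÚÜ"

_STORE_SPECIALS = {"\t": "\\t", "\n": "\\n", "\r": "\\r", "\f": "\\f"}
_LOAD_SPECIALS = {"t": "\t", "n": "\n", "r": "\r", "f": "\f"}


def store_escape(s, is_key):
    """Escape a key or value as Properties.store(OutputStream) does (ISO-8859-1
    output): backslash before '\\', '=', ':', '#', '!', before spaces in keys
    and at the start of values; every char outside 0x20..0x7E becomes \\uXXXX
    per UTF-16 code unit, uppercase hex as in the JDK."""
    out = []
    for i, ch in enumerate(s):
        cp = ord(ch)
        if ch == "\\":
            out.append("\\\\")
        elif ch == " ":
            out.append("\\ " if is_key or i == 0 else " ")
        elif ch in _STORE_SPECIALS:
            out.append(_STORE_SPECIALS[ch])
        elif ch in "=:#!":
            out.append("\\" + ch)
        elif 0x20 <= cp <= 0x7E:
            out.append(ch)
        else:  # non-BMP chars are written as a surrogate pair, one escape each
            units = [cp] if cp <= 0xFFFF else [
                0xD800 + ((cp - 0x10000) >> 10), 0xDC00 + ((cp - 0x10000) & 0x3FF)]
            out.extend("\\u%04X" % u for u in units)
    return "".join(out)


def load_unescape(s):
    """Decode as Properties.load() does: \\uXXXX needs exactly four hex digits
    (the JDK throws IllegalArgumentException otherwise), \\t \\n \\r \\f are
    controls, \\X is X for any other X. Surrogate pairs are joined again."""
    out, i = [], 0
    while i < len(s):
        if s[i] != "\\":
            out.append(s[i])
            i += 1
            continue
        i += 1
        if i >= len(s):
            break
        if s[i] == "u":
            hexs = s[i + 1:i + 5]
            if not re.fullmatch(r"[0-9a-fA-F]{4}", hexs):
                raise ValueError("Malformed \\uxxxx encoding.")
            out.append(chr(int(hexs, 16)))
            i += 5
        else:
            out.append(_LOAD_SPECIALS.get(s[i], s[i]))
            i += 1
    return "".join(out).encode("utf-16", "surrogatepass").decode("utf-16", "surrogatepass")


def parse_properties(text):
    """Line handling as in Properties.load() (continuation lines not modelled):
    skip blank and '#'/'!' lines, end the key at the first unescaped '=', ':'
    or whitespace, then unescape both halves."""
    props = {}
    for raw in text.splitlines():
        line = raw.lstrip(" \t\f")
        if not line or line[0] in "#!":
            continue
        i = 0
        while i < len(line):
            if line[i] == "\\":
                i += 2
            elif line[i] in "=: \t\f":
                break
            else:
                i += 1
        key, rest = line[:i], line[i:].lstrip(" \t\f")
        if rest[:1] in ("=", ":"):
            rest = rest[1:].lstrip(" \t\f")
        props[load_unescape(key)] = load_unescape(rest)
    return props


def parse_raw(text):
    """What a realm that ignores escapes effectively does: split on the first
    '=' and keep the characters exactly as they sit in the file."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue
        key, _, value = line.partition("=")
        props[key] = value
    return props


def build_users_properties():
    """Constructed users file: 'user' and the Unicode user as store() writes
    them, plus 'admin' hand-escaped as \\u0061dmin (assumed, see lead-in)."""
    lines = ["# constructed sample, password == username"]
    for u in ("user", UNICODE_USER):
        lines.append(store_escape(u, True) + "=" + store_escape(u, False))
    lines.append("\\u0061dmin=\\u0061dmin")
    return "\n".join(lines) + "\n"


def authenticating_users(loader):
    """Plain-text password check against the file as parsed by `loader`."""
    props = loader(build_users_properties())
    return [u for u in ("user", "admin", UNICODE_USER) if props.get(u) == u]


if __name__ == "__main__":
    print(build_users_properties())
    print("load()-style:", len(authenticating_users(parse_properties)), "of 3 pass")
    print("raw text    :", len(authenticating_users(parse_raw)), "of 3 pass")
```

      Running it prints the generated file and then "3 of 3 pass" for the load()-style parser against "1 of 3 pass" for the raw one, mirroring the legacy-vs-Elytron result in the steps above. Note that the third username fails the raw comparison even before the \uXXXX escapes matter, because '#' and '!' inside it are also written with a backslash.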


                People

                • Assignee:
                  baranowb Bartosz Baranowski
                  Reporter:
                  jcacek Josef Cacek
                • Votes:
                  0
                  Watchers:
                  1
