Uploaded image for project: 'JBoss Enterprise Application Platform'
  1. JBoss Enterprise Application Platform
  2. JBEAP-6641

Elytron properties-realm is not compatible with legacy user property files

    XMLWordPrintable

Details

    • Hide

      For trying how it works in legacy security solution:
      1) add following to $SERVER_HOME/standalone/configuration/mgmt-users.properties:

      elytron:password
!elytron=password
elytronumlautöäü=password
elytron用戶=password
backslash\\=password
backslash\\inthemiddle=password
dn\=elytron,dc\=wildfly,dc\=org=password
elytron1=pass=word
elytron2=password\\
elytron3=pass\\word
elytron4=passwordWithumlautöäü
elytron5=用戶

      2) configure ManagementRealm to use plain-text password:

      /core-service=management/security-realm=ManagementRealm/authentication=properties:write-attribute(name=plain-text,value=true)

      3) remove local authentication:

      /core-service=management/security-realm=ManagementRealm/authentication=local:remove()

      4) Try to login to jboss-cli with users mentioned in this JIRA description -> all pass (except !elytron/password which correctly fail)

      For reproduction this issue in Elytron, use related tests from org.wildfly.security.auth.realm.LegacyPropertiesSecurityRealmTest in Elytron unit tests.

      Show
      For trying how it works in legacy security solution: 1) add following to $SERVER_HOME/standalone/configuration/mgmt-users.properties : elytron:password !elytron=password elytronumlautöäü=password elytron用戶=password backslash\\=password backslash\\inthemiddle=password dn\=elytron,dc\=wildfly,dc\=org=password elytron1=pass=word elytron2=password\\ elytron3=pass\\word elytron4=passwordWithumlautöäü elytron5=用戶 2) configure ManagementRealm to use plain-text password: /core-service=management/security-realm=ManagementRealm/authentication=properties:write-attribute(name=plain-text,value= true ) 3) remove local authentication: /core-service=management/security-realm=ManagementRealm/authentication=local:remove() 4) Try to login to jboss-cli with users mentioned in this JIRA description -> all pass (except !elytron/password which correctly fail) For reproduction this issue in Elytron, use related tests from org.wildfly.security.auth.realm.LegacyPropertiesSecurityRealmTest in Elytron unit tests.

    Description

      When users properties file (e.g. mgmt-users.properties) used by legacy properties security realm is taken and used with Elytron properties-realm (backed by org.wildfly.security.auth.realm.LegacyPropertiesSecurityRealm) then there exist username/password combinations which do not works correctly.

      Following scenarios which uses mentioned below username/password work correctly for properties file used by legacy solution and do not work for Elytron:

      elytron:password                            // results to username elytron with password password
elytronumlautöäü=password                   // results to username elytronumlautöäü with password password
elytron用戶=password                        // results to username elytron用戶 with password password
backslash\\=password                        // results to username backslash\ with password password
backslash\\inthemiddle=password             // results to username backslash\inthemiddle with password password
dn\=elytron,dc\=wildfly,dc\=org=password    // results to username dn=elytron,dc=wildfly,dc=org with password password
elytron1=pass=word                          // results to username elytron1 with password pass=word - covered by JBEAP-6581
elytron2=password\\                         // results to username elytron2 with password password\
elytron3=pass\\word                         // results to username elytron3 with password pass\word
elytron4=passwordWithumlautöäü              // results to username elytron4 with password passwordWithumlautöäü
elytron5=用戶                               // results to username elytron5 with password 用戶

      Also '!' can be used for comments. It means that !elytron=password should not be considered as user !elytron but as comment.

      Attachments

        Issue Links

          is cloned by

          Bug - A problem that impairs or prevents the functions of the product. ELY-691 Elytron properties-realm is not compatible with legacy user property files

          • Blocker - To be worked above all other priorities. This term is chosen when the severity of the issue is very high, has no workaround, or the effort for the change is comparatively low. Issues that may be very publicly visible and could generate significant media attention may also drive a higher priority.
          • Resolved

          Activity

            People

              jkalina@redhat.com Jan Kalina (Inactive)
              olukas Ondrej Lukas (Inactive)
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: