Uploaded image for project: 'WildFly Core'
  1. WildFly Core
  2. WFCORE-1083

Login Module is messed up when one of the module-option is empty

    XMLWordPrintable

Details

    • Bug
    • Resolution: Done
    • Critical
    • None
    • None
    • CLI
    • None

    Description

      When one of the module-option is given as empty the whole login-module is messed up. But in real time there will be cases where the module-option can be empty. For Eg. while configuring org.jboss.security.auth.spi.LdapLoginModule, the principalDNPrefix can be empty

      Command with principalDNPrefix empty

      /subsystem=security/security-domain=SourceForge/authentication=classic/login-module=org.jboss.security.auth.spi.LdapLoginModule33:add(code=org.jboss.security.auth.spi.LdapLoginModule, flag=sufficient, module-options=[ "java.naming.provider.url" => "ldap://ldaphost.jboss.org:1", "java.naming.security.authentication" => "simple", "principalDNPrefix" => "", "principalDNSuffix" => ",ou=People,o=jboss.org", "allowEmptyPasswords" => "false", "java.naming.factory.initial" => "com.sun.jndi.ldap.LdapCtxFactory", "throwValidateError" => "true" ])

      {allow-resource-service-restart=true}

      Output in standalone-full.xml

      Wrong value is stored as principalDNPrefix

      <login-module name="org.jboss.security.auth.spi.LdapLoginModule33" code="org.jboss.security.auth.spi.LdapLoginModule" flag="sufficient">
      <module-option name="java.naming.provider.url" value="ldap://ldaphost.jboss.org:1"/>
      <module-option name="java.naming.security.authentication" value="simple"/>
      <module-option name="principalDNPrefix" value="principalDNSuffix"/>
      <module-option name="allowEmptyPasswords" value="false"/>
      <module-option name="java.naming.factory.initial" value="com.sun.jndi.ldap.LdapCtxFactory"/>
      <module-option name="throwValidateError" value="true"/>
      </login-module>


      Command with principalDNPrefix with some value

      /subsystem=security/security-domain=SourceForge/authentication=classic/login-module=org.jboss.security.auth.spi.LdapLoginModule44:add(code=org.jboss.security.auth.spi.LdapLoginModule, flag=sufficient, module-options=[ "java.naming.provider.url" => "ldap://ldaphost.jboss.org:1", "java.naming.security.authentication" => "simple", "principalDNPrefix" => "test", "principalDNSuffix" => ",ou=People,o=jboss.org", "allowEmptyPasswords" => "false", "java.naming.factory.initial" => "com.sun.jndi.ldap.LdapCtxFactory", "throwValidateError" => "true" ]){allow-resource-service-restart=true}

      Output in standalone-full.xml

      Values are stored correctly.

      <login-module name="org.jboss.security.auth.spi.LdapLoginModule44" code="org.jboss.security.auth.spi.LdapLoginModule" flag="sufficient">
      <module-option name="java.naming.provider.url" value="ldap://ldaphost.jboss.org:1"/>
      <module-option name="java.naming.security.authentication" value="simple"/>
      <module-option name="principalDNPrefix" value="test"/>
      <module-option name="principalDNSuffix" value=",ou=People,o=jboss.org"/>
      <module-option name="allowEmptyPasswords" value="false"/>
      <module-option name="java.naming.factory.initial" value="com.sun.jndi.ldap.LdapCtxFactory"/>
      <module-option name="throwValidateError" value="true"/>
      </login-module>

      Attachments

        Activity

          People

            olubyans@redhat.com Alexey Loubyansky
            jprasanna_jira J Prasanna Venkatesan (Inactive)
            Votes:
            0 Vote for this issue
            Watchers:
            4 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: