[ https://issues.apache.org/jira/browse/KNOX-2782?focusedWorklogId=793119&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-793119 ]
ASF GitHub Bot logged work on KNOX-2782: ---------------------------------------- Author: ASF GitHub Bot Created on: 20/Jul/22 09:18 Start Date: 20/Jul/22 09:18 Worklog Time Spent: 10m Work Description: smolnar82 opened a new pull request, #610: URL: https://github.com/apache/knox/pull/610 ## What changes were proposed in this pull request? In order to make the `user-auth-test` KnoxCLI command work after the 1.6 Shiro upgrade, I'd to add the `invalidRequest` filter's object class (`org.apache.shiro.web.filter.InvalidRequestFilter`) into the `main` section in the generated shiro.ini. Without that change, an error was thrown (see the corresponding JIRA). ## How was this patch tested? Ran the `GatewayShiroAuthTest` that covers use-cases for Shiro LDAP authentication including a valid service URL with a semicolon (`;jsessionid=OI24B9ASD7BSSD`). Other than this I made sure the `user-auth-test` KnoxCLI command works: ``` $ bin/knoxcli.sh user-auth-test --cluster sandbox --u admin --p admin-password --d LDAP authentication successful! ``` Issue Time Tracking ------------------- Worklog Id: (was: 793119) Remaining Estimate: 0h Time Spent: 10m > Knox CLI user-auth-test command failure > --------------------------------------- > > Key: KNOX-2782 > URL: https://issues.apache.org/jira/browse/KNOX-2782 > Project: Apache Knox > Issue Type: Bug > Components: KnoxCLI > Affects Versions: 1.6.0 > Reporter: Sandor Molnar > Assignee: Sandor Molnar > Priority: Major > Fix For: 2.0.0 > > Time Spent: 10m > Remaining Estimate: 0h > > There is an issue with KnoxCLI's {{user-auth-test}} command: > {noformat} > bin/knoxcli.sh user-auth-test --cluster sandbox --u admin --p admin-password > java.lang.IllegalArgumentException: Configuration error. Specified object > [invalidRequest] with property [blockSemicolon] without first defining that > object's class. Please first specify the class property first, e.g. myObject > = fully_qualified_class_name and then define additional properties. > org.apache.knox.gateway.util.KnoxCLI$LDAPCommand$BadSubjectException: Subject > could not be created with Shiro Config at sections=main,urls > For more information use --d for debug output. > ERR: Unable to authenticate user: admin {noformat} > The reason is, that 3 properties are added OOTB to the generated Shiro > configuration, under the "{{{}main{}}}" section, as per KNOX-2455 > {noformat} > params.putIfAbsent("main.invalidRequest.blockSemicolon", "false"); > params.putIfAbsent("main.invalidRequest.blockBackslash", "false"); > params.putIfAbsent("main.invalidRequest.blockNonAscii", "false"); > {noformat} -- This message was sent by Atlassian Jira (v8.20.10#820010)