[
https://issues.apache.org/jira/browse/QPID-7414?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Alex Rudyy updated QPID-7414:
-----------------------------
Description:
Colon charcaters in user name for authentication providers of types
PlainPasswordFile and Base64MD5PasswordFile cause failures on opening of such
authentication providers on broker startup. As result, authentication fails
for any user account belonging to the impacted authentication provider. The
user names with colons would need to be removed manually from the configuration
files in order to recover from the issue.
Colons in user password for PlainPasswordFile results in the same issue.
The exception similar to the one below is reported for the above:
{noformat}
ERROR [Broker-Config] (o.a.q.s.m.AbstractConfiguredObject) - Failed to open
object with name 'passwordFile'. Object will be put into ERROR state.
java.lang.IllegalArgumentException: User Data should be length 2, username,
password
at
org.apache.qpid.server.security.auth.database.PlainUser.<init>(PlainUser.java:37)
~[classes/:na]
at
org.apache.qpid.server.security.auth.database.PlainPasswordFilePrincipalDatabase.createUserFromFileData(PlainPasswordFilePrincipalDatabase.java:132)
~[classes/:na]
at
org.apache.qpid.server.security.auth.database.PlainPasswordFilePrincipalDatabase.createUserFromFileData(PlainPasswordFilePrincipalDatabase.java:56)
~[classes/:na]
at
org.apache.qpid.server.security.auth.database.AbstractPasswordFilePrincipalDatabase.loadPasswordFile(AbstractPasswordFilePrincipalDatabase.java:213)
~[classes/:na]
at
org.apache.qpid.server.security.auth.database.AbstractPasswordFilePrincipalDatabase.open(AbstractPasswordFilePrincipalDatabase.java:82)
~[classes/:na]
at
org.apache.qpid.server.security.auth.manager.PrincipalDatabaseAuthenticationManager.initialise(PrincipalDatabaseAuthenticationManager.java:143)
~[classes/:na]
at
org.apache.qpid.server.security.auth.manager.PrincipalDatabaseAuthenticationManager.onOpen(PrincipalDatabaseAuthenticationManager.java:120)
~[classes/:na]
at
org.apache.qpid.server.model.AbstractConfiguredObject.doOpening(AbstractConfiguredObject.java:1095)
[classes/:na]
at
org.apache.qpid.server.model.AbstractConfiguredObject$9.performAction(AbstractConfiguredObject.java:1110)
[classes/:na]
at
org.apache.qpid.server.model.AbstractConfiguredObject$9.performAction(AbstractConfiguredObject.java:1098)
[classes/:na]
at
org.apache.qpid.server.model.AbstractConfiguredObject.applyToChildren(AbstractConfiguredObject.java:1269)
[classes/:na]
at
org.apache.qpid.server.model.AbstractConfiguredObject.doOpening(AbstractConfiguredObject.java:1097)
[classes/:na]
at
org.apache.qpid.server.model.AbstractConfiguredObject$1.execute(AbstractConfiguredObject.java:583)
[classes/:na]
at
org.apache.qpid.server.model.AbstractConfiguredObject$1.execute(AbstractConfiguredObject.java:571)
[classes/:na]
at
org.apache.qpid.server.model.AbstractConfiguredObject$2.execute(AbstractConfiguredObject.java:632)
[classes/:na]
at
org.apache.qpid.server.model.AbstractConfiguredObject$2.execute(AbstractConfiguredObject.java:625)
[classes/:na]
at
org.apache.qpid.server.configuration.updater.TaskExecutorImpl$TaskLoggingWrapper.execute(TaskExecutorImpl.java:240)
[classes/:na]
at
org.apache.qpid.server.configuration.updater.TaskExecutorImpl.submitWrappedTask(TaskExecutorImpl.java:157)
[classes/:na]
at
org.apache.qpid.server.configuration.updater.TaskExecutorImpl.submit(TaskExecutorImpl.java:145)
[classes/:na]
at
org.apache.qpid.server.model.AbstractConfiguredObject.doOnConfigThread(AbstractConfiguredObject.java:624)
[classes/:na]
at
org.apache.qpid.server.model.AbstractConfiguredObject.openAsync(AbstractConfiguredObject.java:570)
[classes/:na]
at
org.apache.qpid.server.model.AbstractSystemConfig.activate(AbstractSystemConfig.java:237)
[classes/:na]
{noformat}
was:
Semi-colons in user name for authentication providers of types
PlainPasswordFile and Base64MD5PasswordFile cause failures on opening of such
authentication providers on broker startup. As result, authentication fails
for any user account belonging to the impacted authentication provider. The
user names with semi-colons would need to be removed manually from the
configuration files in order to recover from the issue.
Semi-colons in user password for PlainPasswordFile results in the same issue.
The exception similar to the one below is reported for the above:
{noformat}
ERROR [Broker-Config] (o.a.q.s.m.AbstractConfiguredObject) - Failed to open
object with name 'passwordFile'. Object will be put into ERROR state.
java.lang.IllegalArgumentException: User Data should be length 2, username,
password
at
org.apache.qpid.server.security.auth.database.PlainUser.<init>(PlainUser.java:37)
~[classes/:na]
at
org.apache.qpid.server.security.auth.database.PlainPasswordFilePrincipalDatabase.createUserFromFileData(PlainPasswordFilePrincipalDatabase.java:132)
~[classes/:na]
at
org.apache.qpid.server.security.auth.database.PlainPasswordFilePrincipalDatabase.createUserFromFileData(PlainPasswordFilePrincipalDatabase.java:56)
~[classes/:na]
at
org.apache.qpid.server.security.auth.database.AbstractPasswordFilePrincipalDatabase.loadPasswordFile(AbstractPasswordFilePrincipalDatabase.java:213)
~[classes/:na]
at
org.apache.qpid.server.security.auth.database.AbstractPasswordFilePrincipalDatabase.open(AbstractPasswordFilePrincipalDatabase.java:82)
~[classes/:na]
at
org.apache.qpid.server.security.auth.manager.PrincipalDatabaseAuthenticationManager.initialise(PrincipalDatabaseAuthenticationManager.java:143)
~[classes/:na]
at
org.apache.qpid.server.security.auth.manager.PrincipalDatabaseAuthenticationManager.onOpen(PrincipalDatabaseAuthenticationManager.java:120)
~[classes/:na]
at
org.apache.qpid.server.model.AbstractConfiguredObject.doOpening(AbstractConfiguredObject.java:1095)
[classes/:na]
at
org.apache.qpid.server.model.AbstractConfiguredObject$9.performAction(AbstractConfiguredObject.java:1110)
[classes/:na]
at
org.apache.qpid.server.model.AbstractConfiguredObject$9.performAction(AbstractConfiguredObject.java:1098)
[classes/:na]
at
org.apache.qpid.server.model.AbstractConfiguredObject.applyToChildren(AbstractConfiguredObject.java:1269)
[classes/:na]
at
org.apache.qpid.server.model.AbstractConfiguredObject.doOpening(AbstractConfiguredObject.java:1097)
[classes/:na]
at
org.apache.qpid.server.model.AbstractConfiguredObject$1.execute(AbstractConfiguredObject.java:583)
[classes/:na]
at
org.apache.qpid.server.model.AbstractConfiguredObject$1.execute(AbstractConfiguredObject.java:571)
[classes/:na]
at
org.apache.qpid.server.model.AbstractConfiguredObject$2.execute(AbstractConfiguredObject.java:632)
[classes/:na]
at
org.apache.qpid.server.model.AbstractConfiguredObject$2.execute(AbstractConfiguredObject.java:625)
[classes/:na]
at
org.apache.qpid.server.configuration.updater.TaskExecutorImpl$TaskLoggingWrapper.execute(TaskExecutorImpl.java:240)
[classes/:na]
at
org.apache.qpid.server.configuration.updater.TaskExecutorImpl.submitWrappedTask(TaskExecutorImpl.java:157)
[classes/:na]
at
org.apache.qpid.server.configuration.updater.TaskExecutorImpl.submit(TaskExecutorImpl.java:145)
[classes/:na]
at
org.apache.qpid.server.model.AbstractConfiguredObject.doOnConfigThread(AbstractConfiguredObject.java:624)
[classes/:na]
at
org.apache.qpid.server.model.AbstractConfiguredObject.openAsync(AbstractConfiguredObject.java:570)
[classes/:na]
at
org.apache.qpid.server.model.AbstractSystemConfig.activate(AbstractSystemConfig.java:237)
[classes/:na]
{noformat}
Summary: [Java Broker] File based authentication providers
PlainPasswordFile and Base64MD5PasswordFile should allow colons in usernames
and passwords (was: [Java Broker] File based authentication providers
PlainPasswordFile and Base64MD5PasswordFile should allow semi-colons in
usernames and passwords)
> [Java Broker] File based authentication providers PlainPasswordFile and
> Base64MD5PasswordFile should allow colons in usernames and passwords
> --------------------------------------------------------------------------------------------------------------------------------------------
>
> Key: QPID-7414
> URL: https://issues.apache.org/jira/browse/QPID-7414
> Project: Qpid
> Issue Type: Bug
> Components: Java Broker
> Affects Versions: 0.18, 0.20, 0.22, 0.24, 0.26, 0.28, 0.30, 0.32,
> qpid-java-6.0, qpid-java-6.0.1, qpid-java-6.0.2, qpid-java-6.0.3,
> qpid-java-6.0.4
> Reporter: Alex Rudyy
>
> Colon charcaters in user name for authentication providers of types
> PlainPasswordFile and Base64MD5PasswordFile cause failures on opening of such
> authentication providers on broker startup. As result, authentication fails
> for any user account belonging to the impacted authentication provider. The
> user names with colons would need to be removed manually from the
> configuration files in order to recover from the issue.
> Colons in user password for PlainPasswordFile results in the same issue.
> The exception similar to the one below is reported for the above:
> {noformat}
> ERROR [Broker-Config] (o.a.q.s.m.AbstractConfiguredObject) - Failed to open
> object with name 'passwordFile'. Object will be put into ERROR state.
> java.lang.IllegalArgumentException: User Data should be length 2, username,
> password
> at
> org.apache.qpid.server.security.auth.database.PlainUser.<init>(PlainUser.java:37)
> ~[classes/:na]
> at
> org.apache.qpid.server.security.auth.database.PlainPasswordFilePrincipalDatabase.createUserFromFileData(PlainPasswordFilePrincipalDatabase.java:132)
> ~[classes/:na]
> at
> org.apache.qpid.server.security.auth.database.PlainPasswordFilePrincipalDatabase.createUserFromFileData(PlainPasswordFilePrincipalDatabase.java:56)
> ~[classes/:na]
> at
> org.apache.qpid.server.security.auth.database.AbstractPasswordFilePrincipalDatabase.loadPasswordFile(AbstractPasswordFilePrincipalDatabase.java:213)
> ~[classes/:na]
> at
> org.apache.qpid.server.security.auth.database.AbstractPasswordFilePrincipalDatabase.open(AbstractPasswordFilePrincipalDatabase.java:82)
> ~[classes/:na]
> at
> org.apache.qpid.server.security.auth.manager.PrincipalDatabaseAuthenticationManager.initialise(PrincipalDatabaseAuthenticationManager.java:143)
> ~[classes/:na]
> at
> org.apache.qpid.server.security.auth.manager.PrincipalDatabaseAuthenticationManager.onOpen(PrincipalDatabaseAuthenticationManager.java:120)
> ~[classes/:na]
> at
> org.apache.qpid.server.model.AbstractConfiguredObject.doOpening(AbstractConfiguredObject.java:1095)
> [classes/:na]
> at
> org.apache.qpid.server.model.AbstractConfiguredObject$9.performAction(AbstractConfiguredObject.java:1110)
> [classes/:na]
> at
> org.apache.qpid.server.model.AbstractConfiguredObject$9.performAction(AbstractConfiguredObject.java:1098)
> [classes/:na]
> at
> org.apache.qpid.server.model.AbstractConfiguredObject.applyToChildren(AbstractConfiguredObject.java:1269)
> [classes/:na]
> at
> org.apache.qpid.server.model.AbstractConfiguredObject.doOpening(AbstractConfiguredObject.java:1097)
> [classes/:na]
> at
> org.apache.qpid.server.model.AbstractConfiguredObject$1.execute(AbstractConfiguredObject.java:583)
> [classes/:na]
> at
> org.apache.qpid.server.model.AbstractConfiguredObject$1.execute(AbstractConfiguredObject.java:571)
> [classes/:na]
> at
> org.apache.qpid.server.model.AbstractConfiguredObject$2.execute(AbstractConfiguredObject.java:632)
> [classes/:na]
> at
> org.apache.qpid.server.model.AbstractConfiguredObject$2.execute(AbstractConfiguredObject.java:625)
> [classes/:na]
> at
> org.apache.qpid.server.configuration.updater.TaskExecutorImpl$TaskLoggingWrapper.execute(TaskExecutorImpl.java:240)
> [classes/:na]
> at
> org.apache.qpid.server.configuration.updater.TaskExecutorImpl.submitWrappedTask(TaskExecutorImpl.java:157)
> [classes/:na]
> at
> org.apache.qpid.server.configuration.updater.TaskExecutorImpl.submit(TaskExecutorImpl.java:145)
> [classes/:na]
> at
> org.apache.qpid.server.model.AbstractConfiguredObject.doOnConfigThread(AbstractConfiguredObject.java:624)
> [classes/:na]
> at
> org.apache.qpid.server.model.AbstractConfiguredObject.openAsync(AbstractConfiguredObject.java:570)
> [classes/:na]
> at
> org.apache.qpid.server.model.AbstractSystemConfig.activate(AbstractSystemConfig.java:237)
> [classes/:na]
> {noformat}
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@qpid.apache.org
For additional commands, e-mail: dev-h...@qpid.apache.org
