glassfish / GLASSFISH-18557

Password alias expanded, decoded value stored in domain.xml

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 3.1.2
    • Fix Version/s: 4.0_b82_EE7MS7, 4.0
    • Component/s: admin
    • Labels:
      None
    • Environment:

      SUSE Linux Enterprise Server 11

      Description

      I created a password alias using the asadmin create-password-alias ldaprealm-password command and supplying the value fred.

      Then I created an LDAP realm using a command similar to the following (modulo any backslash or quoting errors):

      asadmin --port=7048 create-auth-realm --classname "com.sun.enterprise.security.auth.realm.ldap.LDAPRealm" --property "jaas-context=ldapRealm:directory=ldap\://myhost.goes.here\:389:base-dn=ou\=Users,ou\=SomeOrgUnit,o\=jenzabar.com:search-filter=cn\=%s:group-base-dn=ou\=Roles,ou\=SomeOrgUnit,o\=jenzabar.com:group-search-filter=member\=%d:group-target=cn:search-bind-dn=cn\=jxadmin,ou\=Users,ou\=SomeOrgUnit,o\=jenzabar.com:search-bind-password=${ALIAS=ldaprealm-password}" "MyRealm"
      

      Both the admin console and my domain.xml featured the value "fred" in plaintext.

      I expected that both would feature the literal string "${ALIAS=ldaprealm-password}".

        Activity

        Anissa Lam added a comment -

        Fix by HCF (3/25)

        Anissa Lam added a comment -

        Issues need to be addressed before 4.0 HCF (3/25)

        Anissa Lam added a comment -

        According to the bug report, the password is stored in plain text in domain.xml. That's why console is displaying that in plain text as well.

        Transfer to 'admin' to look at this.

        Tom Mueller added a comment -

        Once the quoting in the command is corrected, then this problem is not reproducible on the trunk.

        Assuming Unix is being used (and Linux is indicated in the environment field), the --property argument should be surrounded with single quotes, and then within the password alias reference, the "=" must be quoted with a backslash (\). So the command looks like this:

        asadmin create-auth-realm --classname "com.sun.enterprise.security.auth.realm.ldap.LDAPRealm" --property 'jaas-context=ldapRealm:directory=ldap\://myhost.goes.here\:389:base-dn=ou\=Users,ou\=SomeOrgUnit,o\=jenzabar.com:search-filter=cn\=%s:group-base-dn=ou\=Roles,ou\=SomeOrgUnit,o\=jenzabar.com:group-search-filter=member\=%d:group-target=cn:search-bind-dn=cn\=jxadmin,ou\=Users,ou\=SomeOrgUnit,o\=jenzabar.com:search-bind-password=${ALIAS\=ldaprealm-password}' MyRealm

        Tom Mueller added a comment -

        The forum message that led to this issue is here:
        http://java.net/projects/glassfish/lists/users/archive/2012-03/message/476

        Tom Mueller added a comment -

        Nithya reported that this problem was fixed on the trunk on Feb 3, 2012. This appears to be in revision 52427.
        This was fixed as a result of BugDB bug 13656493 and the fix has been backported to 3.1.2.1 of Oracle GlassFish Server.
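
Added example, not part of the issue or of GlassFish: what the shell hands to a program under the two quoting styles discussed in the comments above, plus a check that lists password properties in a domain.xml whose value is not a `${ALIAS=...}` reference. The XML fragment is constructed and its element layout is an assumption; `show_arg`, `double_quoted`, `single_quoted`, `sample_domain_xml` and `plaintext_password_props` are hypothetical helper names.

```shell
#!/bin/sh
# Added example; the sample data below is constructed, not taken from a real domain.

# Echo one argument back exactly as the invoked program (e.g. asadmin) receives it.
show_arg() { printf '%s\n' "$1"; }

# Double quotes: the shell itself evaluates ${ALIAS=word} ("assign default"
# parameter expansion), so the alias syntax never reaches the program.
double_quoted() { ( unset ALIAS; show_arg "search-bind-password=${ALIAS=ldaprealm-password}" ); }

# Single quotes: the text is passed through literally, backslash included.
single_quoted() { show_arg 'search-bind-password=${ALIAS\=ldaprealm-password}'; }

# Constructed domain.xml fragment (element and attribute layout is an assumption).
sample_domain_xml() {
  cat <<'EOF'
<auth-realm name="GoodRealm" classname="com.sun.enterprise.security.auth.realm.ldap.LDAPRealm">
  <property name="search-bind-dn" value="cn=jxadmin,ou=Users"></property>
  <property name="search-bind-password" value="${ALIAS=ldaprealm-password}"></property>
</auth-realm>
<auth-realm name="BadRealm" classname="com.sun.enterprise.security.auth.realm.ldap.LDAPRealm">
  <property value="fred" name="search-bind-password"></property>
</auth-realm>
EOF
}

# List "<line>:<property name>" for every *password* property whose value is
# not a ${ALIAS=...} reference. The value itself is never printed.
plaintext_password_props() {
  grep -n -i -E '<property[^>]*name="[^"]*password[^"]*"' "$1" \
    | grep -v -E 'value="\$\{ALIAS=[^}"]+\}"' \
    | sed -E 's/^([0-9]+):.*name="([^"]*)".*/\1:\2/'
}

f=$(mktemp)
sample_domain_xml > "$f"
echo "double-quoted argv: $(double_quoted)"
echo "single-quoted argv: $(single_quoted)"
echo "plaintext password properties: $(plaintext_password_props "$f")"
rm -f "$f"
```

Running `plaintext_password_props` against a domain's domain.xml after creating a realm shows whether the alias reference or a decoded value was stored.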


          People

          • Assignee: Tom Mueller
          • Reporter: ljnelson
          • Votes: 0
          • Watchers: 1
