
  • slash in username

    Hi,

    I added domain information to the username.
    Before, the username contained only the name "Robert", but now it also contains the domain: "LOCAL\Robert".

    The XwsSecurityInterceptor is configured with a usernametoken policy and is called fine for every request.



    Code:
    3379204 [http-8080-Processor24] INFO  security.JdbcAuthenticationProvider  - User 'LOCAL\Robert Glaser' successfully authenticated.
    3379204 [http-8080-Processor24] DEBUG support.XmlWebApplicationContext  - Publishing event in context [Root WebApplicationContext]: org.acegisecurity.event.authentication.AuthenticationSuccessEvent[source=org.acegisecurity.providers.UsernamePasswordAuthenticationToken@e4ad2669: Username: EIMUser 'LOCAL\Robert Glaser' GGUID: F2F1FFD819E04F1B932F9C5328F4575C; Password: [PROTECTED]; Authenticated: true; Details: null; Granted Authorities: ROLE_USER]
    3379204 [http-8080-Processor24] WARN  authentication.LoggerListener  - Authentication event AuthenticationSuccessEvent: LOCAL\Robert Glaser; details: null
    3379204 [http-8080-Processor24] DEBUG security.EIMPasswordValidationCallbackHandler  - Authentication success: org.acegisecurity.providers.UsernamePasswordAuthenticationToken@e4ad2669: Username: EIMUser 'LOCAL\Robert Glaser' GGUID: F2F1FFD819E04F1B932F9C5328F4575C; Password: [PROTECTED]; Authenticated: true; Details: null; Granted Authorities: ROLE_USER
    3387705 [http-8080-Processor24] WARN  xwss.XwsSecurityInterceptor  - Could not validate request: java.lang.IllegalArgumentException: improperly specified input name: CN=LOCAL\Robert Glaser; nested exception is com.sun.xml.wss.XWSSecurityException: java.lang.IllegalArgumentException: improperly specified input name: CN=LOCAL\Robert Glaser
    As you can see, my authentication provider performs a successful authentication, but after that the XwsSecurityInterceptor fails.
    It fails at this line:
    Code:
    SOAPMessage result = processor.verifyInboundMessage(context);
    Any idea how I can avoid the XWSSecurityException exception?

    Cheers,

    Ingo

  • #2
    I have no idea, but perhaps you can ask on the XWSS forum/mailing list? It seems like an internal exception in XWSS.



    • #3
      I used my debugger and got this info (for "LOCAL\Robert" as username):

      com.sun.xml.wss.XWSSecurityException:
      java.lang.IllegalArgumentException: improperly specified input name: CN=LOCAL\Robert Glaser
      java.io.IOException: Invalid escaped character in AVA: 'R'

      I also posted it to the XWSS mailing list; I'm waiting for an answer.

      Ingo



      • #4
        Ah, in that case you might want to escape the backslash, i.e. make sure that it becomes LOCAL\\Robert



        • #5
          I don't know, I think it's not that easy.
          My authentication works fine and separates domain and name.

          I don't know what they are doing at
          Code:
           XWSSProcessor2_0Impl.verifyInboundMessage(ProcessingContext) line:117   
              XwsSecurityInterceptor.validateMessage(SoapMessage) line:153
          but as someone on the mailing list said:
          It's the same as:
          Code:
          String x500Name = "CN=" + "LOCAL\\Robert";
          Principal principal = new X500Principal(x500Name);
          I don't know what to suggest as a solution.
          Please fix XWSS3 so that it'll accept backslashes in usernames?
          Please fix X500Principal?
          Should I switch to another char to separate domain and name (i.e. "LOCAL|Robert")?

          What do you think, Arjen?

          Ingo



          • #6
            Yeah, it's really easy to reproduce with the sample program that you gave. That tells me that having a CN of "LOCAL\Robert" is probably not the way to go. And that's about as far as my knowledge goes, I'm afraid.

            Perhaps somebody in the Acegi forum can help you? Though the problem is not related to Acegi, it is security related...



            • #7
              Thank you Arjen.

              I think the value of a username token shouldn't be restricted to some chars - the backslash or # should also be possible.

              I'll discuss this with the XWSS guys. If I know more, I'll post it here.

              Cheers,

              Ingo

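The two-line reproduction from #5 with the escaping suggested in #4 applied, as an added example that is not code from the thread, Spring-WS or XWSS. It uses the JDK's `javax.naming.ldap.Rdn.escapeValue` to apply RFC 2253 escaping before the value is placed in the DN; the class name, method names and sample usernames are hypothetical, and it shows that a raw value is either rejected or parsed as additional DN syntax, while the escaped value stays a single CN and reads back unchanged.

```java
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;
import javax.security.auth.x500.X500Principal;

// Added example; class and method names are hypothetical.
public class UsernamePrincipalDemo {

    // What post #5 reproduces: the raw username is concatenated into the DN.
    static X500Principal naive(String username) {
        return new X500Principal("CN=" + username);
    }

    // Escape the value per RFC 2253 first, so '\', ',', '=', '+', '#', ...
    // are treated as data rather than as DN syntax.
    static X500Principal escaped(String username) {
        return new X500Principal("CN=" + Rdn.escapeValue(username));
    }

    // Read the username back out of the principal's RFC 2253 name.
    static String usernameOf(X500Principal p) throws Exception {
        LdapName dn = new LdapName(p.getName(X500Principal.RFC2253));
        return String.valueOf(dn.getRdn(dn.size() - 1).getValue());
    }

    // Number of RDNs the DN was parsed into.
    static int rdnCount(X500Principal p) throws Exception {
        return new LdapName(p.getName(X500Principal.RFC2253)).size();
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample usernames; the first is the one from the thread.
        String[] samples = { "LOCAL\\Robert Glaser", "#robert", "Robert,O=Other" };
        for (String raw : samples) {
            try {
                X500Principal n = naive(raw);
                System.out.println("naive   : " + n.getName()
                        + " (RDNs: " + rdnCount(n) + ")");
            } catch (IllegalArgumentException e) {
                System.out.println("naive   : rejected, " + e.getMessage());
            }
            X500Principal p = escaped(raw);
            System.out.println("escaped : " + p.getName() + " (RDNs: " + rdnCount(p)
                    + ", round trip ok: " + raw.equals(usernameOf(p)) + ")");
        }
    }
}
```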