Login Module is messed up when one of the module-option is empty
jprasanna Oct 29, 2015 3:17 AMEnvironment:
CentOS Linux release 7.1.1503 (Core)
/usr/java/jdk1.8.0_45/
WildFly 8.2.0
Description:
When one of the module-option is given as empty the whole login-module is messed up. But in real time there will be cases where the module-option can be empty. For Eg. while configuring org.jboss.security.auth.spi.LdapLoginModule, the principalDNPrefix can be empty
Command with principalDNPrefix empty
/subsystem=security/security-domain=SourceForge/authentication=classic/login-module=org.jboss.security.auth.spi.LdapLoginModule33:add(code=org.jboss.security.auth.spi.LdapLoginModule, flag=sufficient, module-options=[ "java.naming.provider.url" => "ldap://ldaphost.jboss.org:1", "java.naming.security.authentication" => "simple", "principalDNPrefix" => "", "principalDNSuffix" => ",ou=People,o=jboss.org", "allowEmptyPasswords" => "false", "java.naming.factory.initial" => "com.sun.jndi.ldap.LdapCtxFactory", "throwValidateError" => "true" ])
{allow-resource-service-restart=true}
Output in standalone-full.xml
Wrong value is stored as principalDNPrefix
<login-module name="org.jboss.security.auth.spi.LdapLoginModule33" code="org.jboss.security.auth.spi.LdapLoginModule" flag="sufficient">
<module-option name="java.naming.provider.url" value="ldap://ldaphost.jboss.org:1"/>
<module-option name="java.naming.security.authentication" value="simple"/>
<module-option name="principalDNPrefix" value="principalDNSuffix"/>
<module-option name="allowEmptyPasswords" value="false"/>
<module-option name="java.naming.factory.initial" value="com.sun.jndi.ldap.LdapCtxFactory"/>
<module-option name="throwValidateError" value="true"/>
</login-module>
Command with principalDNPrefix with some value
/subsystem=security/security-domain=SourceForge/authentication=classic/login-module=org.jboss.security.auth.spi.LdapLoginModule44:add(code=org.jboss.security.auth.spi.LdapLoginModule, flag=sufficient, module-options=[ "java.naming.provider.url" => "ldap://ldaphost.jboss.org:1", "java.naming.security.authentication" => "simple", "principalDNPrefix" => "test", "principalDNSuffix" => ",ou=People,o=jboss.org", "allowEmptyPasswords" => "false", "java.naming.factory.initial" => "com.sun.jndi.ldap.LdapCtxFactory", "throwValidateError" => "true" ]){allow-resource-service-restart=true}
Output in standalone-full.xml
Values are stored correctly.
<login-module name="org.jboss.security.auth.spi.LdapLoginModule44" code="org.jboss.security.auth.spi.LdapLoginModule" flag="sufficient">
<module-option name="java.naming.provider.url" value="ldap://ldaphost.jboss.org:1"/>
<module-option name="java.naming.security.authentication" value="simple"/>
<module-option name="principalDNPrefix" value="test"/>
<module-option name="principalDNSuffix" value=",ou=People,o=jboss.org"/>
<module-option name="allowEmptyPasswords" value="false"/>
<module-option name="java.naming.factory.initial" value="com.sun.jndi.ldap.LdapCtxFactory"/>
<module-option name="throwValidateError" value="true"/>
</login-module>