You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@knox.apache.org by "ASF GitHub Bot (Jira)" <ji...@apache.org> on 2022/09/09 10:39:00 UTC

[jira] [Work logged] (KNOX-2804) HadoopXmlResource parser should handle unescaped XML entries

     [ https://issues.apache.org/jira/browse/KNOX-2804?focusedWorklogId=807352&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-807352 ]

ASF GitHub Bot logged work on KNOX-2804:
----------------------------------------

                Author: ASF GitHub Bot
            Created on: 09/Sep/22 10:38
            Start Date: 09/Sep/22 10:38
    Worklog Time Spent: 10m 
      Work Description: smolnar82 opened a new pull request, #632:
URL: https://github.com/apache/knox/pull/632

   ## What changes were proposed in this pull request?
   
   TODO
   
   ## How was this patch tested?
   
   JSON I used for testing:
   ```
   {
     "providers" : [ {
       "role" : "webappsec",
       "name" : "WebAppSec",
       "enabled" : true,
       "params" : {
         "xframe.options.enabled" : "true"
       }
     }, {
       "role" : "authentication",
       "name" : "ShiroProvider",
       "enabled" : true,
       "params" : {
         "main.ldapContextFactory" : "org.apache.knox.gateway.shirorealm.KnoxLdapContextFactory",
         "main.ldapRealm" : "org.apache.knox.gateway.shirorealm.KnoxLdapRealm",
         "main.ldapRealm.authenticationCachingEnabled" : "false",
         "main.ldapRealm.contextFactory" : "$ldapContextFactory",
         "main.ldapRealm.contextFactory.authenticationMechanism" : "simple",
         "main.ldapRealm.contextFactory.url" : "ldap://localhost:33389",
         "main.ldapRealm.userDnTemplate" : "uid=0ou=people,dc=hadoop,dc=apache,dc=org",
         "main.ldapRealm.userSearchFilter" : "(&(&(objectclass=person)(sAMAccountName={0}))(|(memberOf=CN=SecXX-ali-bda-users,OU=ManagedGroups,OU=Groups,OU=XX,OU=dm,DC=dm,DC=int)(memberOf=CN=SecXX-ali-bda-rls-serviceuser,OU=ManagedGroups,OU=Groups,OU=XX,OU=dm,DC=dm,DC=int)))",
         "redirectToUrl" : "/${GATEWAY_PATH}/knoxsso/knoxauth/login.html",
         "restrictedCookies" : "rememberme,WWW-Authenticate",
         "sessionTimeout" : "30",
         "urls./**" : "authcBasic"
       }
     }, {
       "role" : "identity-assertion",
       "name" : "Default",
       "enabled" : true,
       "params" : { }
     } ],
     "readOnly" : true
   }
   ```
   




Issue Time Tracking
-------------------

            Worklog Id:     (was: 807352)
    Remaining Estimate: 0h
            Time Spent: 10m

> HadoopXmlResource parser should handle unescaped XML entries
> ------------------------------------------------------------
>
>                 Key: KNOX-2804
>                 URL: https://issues.apache.org/jira/browse/KNOX-2804
>             Project: Apache Knox
>          Issue Type: Bug
>          Components: Server
>    Affects Versions: 1.6.0
>            Reporter: Sandor Molnar
>            Assignee: Sandor Molnar
>            Priority: Major
>             Fix For: 2.0.0
>
>          Time Spent: 10m
>  Remaining Estimate: 0h
>
> Based on end-user feedback: they specified the following LDAP realm property
> {noformat}
> authentication.param.main.ldapRealm.userSearchFilter=(&(&(objectclass=person)(sAMAccountName={0}))(|(memberOf=CN=SecXX-ali-bda-users,OU=ManagedGroups,OU=Groups,OU=XX,OU=dm,DC=dm,DC=int)(memberOf=CN=SecXX-ali-bda-rls-serviceuser,OU=ManagedGroups,OU=Groups,OU=XX,OU=dm,DC=dm,DC=int))) {noformat}
> in their application and this resulted in an error in Knox:
> {noformat}
> 2022-09-09 11:27:53,199  ERROR digester3.Digester (Digester.java:parse(1652)) - An error occurred while parsing XML from '(already loaded from stream)', see nested exceptions
> org.xml.sax.SAXParseException: The entity name must immediately follow the '&' in the entity reference.
> 	at com.sun.org.apache.xerces.internal.parsers.AbstractSAXParser.parse(AbstractSAXParser.java:1239) ~[?:1.8.0_282]
> 	at com.sun.org.apache.xerces.internal.jaxp.SAXParserImpl$JAXPSAXParser.parse(SAXParserImpl.java:643) ~[?:1.8.0_282]
> 	at org.apache.commons.digester3.Digester.parse(Digester.java:1642) [commons-digester3-3.2.jar:3.2]
> 	at org.apache.commons.digester3.Digester.parse(Digester.java:1701) [commons-digester3-3.2.jar:3.2]
> 	at org.apache.knox.gateway.util.TopologyUtils.parse(TopologyUtils.java:50) [gateway-server-2.0.0-SNAPSHOT.jar:2.0.0-SNAPSHOT]
> 	at org.apache.knox.gateway.services.topology.impl.DefaultTopologyService.parse(DefaultTopologyService.java:154) [gateway-server-2.0.0-SNAPSHOT.jar:2.0.0-SNAPSHOT]
> 	at org.apache.knox.gateway.topology.simple.SimpleDescriptorHandler.shouldPersistGeneratedTopology(SimpleDescriptorHandler.java:669) [gateway-topology-simple-2.0.0-SNAPSHOT.jar:2.0.0-SNAPSHOT]
> 	at org.apache.knox.gateway.topology.simple.SimpleDescriptorHandler.generateTopology(SimpleDescriptorHandler.java:614) [gateway-topology-simple-2.0.0-SNAPSHOT.jar:2.0.0-SNAPSHOT]
> 	at org.apache.knox.gateway.topology.simple.SimpleDescriptorHandler.handle(SimpleDescriptorHandler.java:193) [gateway-topology-simple-2.0.0-SNAPSHOT.jar:2.0.0-SNAPSHOT]
> 	at org.apache.knox.gateway.topology.simple.SimpleDescriptorHandler.handle(SimpleDescriptorHandler.java:96) [gateway-topology-simple-2.0.0-SNAPSHOT.jar:2.0.0-SNAPSHOT]
> 	at org.apache.knox.gateway.services.topology.monitor.DescriptorsMonitor.onFileChange(DescriptorsMonitor.java:97) [gateway-server-2.0.0-SNAPSHOT.jar:2.0.0-SNAPSHOT]
> 	at org.apache.knox.gateway.services.topology.impl.DefaultTopologyService.triggerDescriptorDiscovery(DefaultTopologyService.java:566) [gateway-server-2.0.0-SNAPSHOT.jar:2.0.0-SNAPSHOT]
> 	at org.apache.knox.gateway.services.topology.impl.DefaultTopologyService.startMonitor(DefaultTopologyService.java:561) [gateway-server-2.0.0-SNAPSHOT.jar:2.0.0-SNAPSHOT]
> 	at org.apache.knox.gateway.GatewayServer.start(GatewayServer.java:698) [gateway-server-2.0.0-SNAPSHOT.jar:2.0.0-SNAPSHOT]
> 	at org.apache.knox.gateway.GatewayServer.startGateway(GatewayServer.java:360) [gateway-server-2.0.0-SNAPSHOT.jar:2.0.0-SNAPSHOT]
> 	at org.apache.knox.gateway.GatewayServer.main(GatewayServer.java:176) [gateway-server-2.0.0-SNAPSHOT.jar:2.0.0-SNAPSHOT]
> 	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[?:1.8.0_282]
> 	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[?:1.8.0_282]
> 	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[?:1.8.0_282]
> 	at java.lang.reflect.Method.invoke(Method.java:498) ~[?:1.8.0_282]
> 	at org.apache.knox.gateway.launcher.Invoker.invokeMainMethod(Invoker.java:68) [gateway.jar:?]
> 	at org.apache.knox.gateway.launcher.Invoker.invoke(Invoker.java:39) [gateway.jar:?]
> 	at org.apache.knox.gateway.launcher.Command.run(Command.java:99) [gateway.jar:?]
> 	at org.apache.knox.gateway.launcher.Launcher.run(Launcher.java:75) [gateway.jar:?]
> 	at org.apache.knox.gateway.launcher.Launcher.main(Launcher.java:52) [gateway.jar:?]
> 2022-09-09 11:27:53,199  ERROR topology.simple (SimpleDescriptorHandler.java:shouldPersistGeneratedTopology(674)) - Error comparing the generated XXX topology with the existing version: org.xml.sax.SAXParseException; lineNumber: 31; columnNumber: 26; The entity name must immediately follow the '&' in the entity reference. {noformat}



--
This message was sent by Atlassian Jira
(v8.20.10#820010)