You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@tinkerpop.apache.org by "Dylan Millikin (JIRA)" <ji...@apache.org> on 2015/09/25 06:56:04 UTC

[jira] [Created] (TINKERPOP3-855) sasl authentication type error due to Json format

Dylan Millikin created TINKERPOP3-855:
-----------------------------------------

             Summary: sasl authentication type error due to Json format
                 Key: TINKERPOP3-855
                 URL: https://issues.apache.org/jira/browse/TINKERPOP3-855
             Project: TinkerPop 3
          Issue Type: Bug
          Components: server
    Affects Versions: 3.0.1-incubating
            Reporter: Dylan Millikin
            Assignee: stephen mallette


The documentation states :
{quote}The password should be an encoded sequence of UTF-8 bytes{quote}

Thus the {{SaslAuthenticationHandler}} expects to receive a {{byte[]}} type var.
 
However, using gremlin-server with {{GraphSonMessageSerializer}}, if I send the payload with the sasl argument (say {{\x00stephen\x00password}}) in response to a gremlin-server {{407}} authentication challenge, I will get the following error:

{code}
java.lang.ClassCastException: java.lang.String cannot be cast to [B
	at org.apache.tinkerpop.gremlin.server.handler.SaslAuthenticationHandler.channelRead(SaslAuthenticationHandler.java:74)
{code}

This seems "normal" in that Json does not support any binary dataType and the sasl argument will automatically be converted to {{String}}.

I quickly tested a correction locally by changing [this line|https://github.com/apache/incubator-tinkerpop/blob/tp30/gremlin-server/src/main/java/org/apache/tinkerpop/gremlin/server/handler/SaslAuthenticationHandler.java#L74] to :
{code}
final String saslString = new String(requestMessage.getArgs().get(Tokens.ARGS_SASL));
final byte[] saslResponse = saslString.getBytes(Charset.forName("UTF-8"));{code}

And this seems to work (though clearly not the cleanest because of the potential roundtrip). I haven't run the full test suit but I would expect this to pass as it shouldn't be BC breaking.

If you have any other ideas (or If I'm totally doing something wrong) let me know. I could probably make a PR for this.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)