From 5ef182c058c1457c878e9dc2f5f1956c43b41682 Mon Sep 17 00:00:00 2001 From: Stuart Douglas Date: Wed, 16 Dec 2020 15:22:46 +1100 Subject: [PATCH] Trim security config usernames and roles Fixes #13787 --- .../elytron/security/runtime/MPRealmRuntimeConfig.java | 4 ++++ .../io/quarkus/vertx/http/runtime/PolicyConfig.java | 3 +++ .../src/main/resources/application.properties | 10 ++++++---- 3 files changed, 13 insertions(+), 4 deletions(-) diff --git a/extensions/elytron-security-properties-file/runtime/src/main/java/io/quarkus/elytron/security/runtime/MPRealmRuntimeConfig.java b/extensions/elytron-security-properties-file/runtime/src/main/java/io/quarkus/elytron/security/runtime/MPRealmRuntimeConfig.java index b040d316efefe..d6f348ed8dd45 100644 --- a/extensions/elytron-security-properties-file/runtime/src/main/java/io/quarkus/elytron/security/runtime/MPRealmRuntimeConfig.java +++ b/extensions/elytron-security-properties-file/runtime/src/main/java/io/quarkus/elytron/security/runtime/MPRealmRuntimeConfig.java @@ -7,6 +7,8 @@ import io.quarkus.runtime.annotations.ConfigItem; import io.quarkus.runtime.annotations.ConfigPhase; import io.quarkus.runtime.annotations.ConfigRoot; +import io.quarkus.runtime.annotations.ConvertWith; +import io.quarkus.runtime.configuration.TrimmedStringConverter; /** * Configuration information used to populate a {@linkplain org.wildfly.security.auth.realm.SimpleMapBackedSecurityRealm} @@ -35,6 +37,7 @@ public class MPRealmRuntimeConfig { * See Embedded Users. */ @ConfigItem(defaultValueDocumentation = "none") + @ConvertWith(TrimmedStringConverter.class) public Map users; /** @@ -42,6 +45,7 @@ public class MPRealmRuntimeConfig { * See Embedded Roles. */ @ConfigItem(defaultValueDocumentation = "none") + @ConvertWith(TrimmedStringConverter.class) public Map roles; } diff --git a/extensions/vertx-http/runtime/src/main/java/io/quarkus/vertx/http/runtime/PolicyConfig.java b/extensions/vertx-http/runtime/src/main/java/io/quarkus/vertx/http/runtime/PolicyConfig.java index cd4860dddaf93..b5feb89fb2eef 100644 --- a/extensions/vertx-http/runtime/src/main/java/io/quarkus/vertx/http/runtime/PolicyConfig.java +++ b/extensions/vertx-http/runtime/src/main/java/io/quarkus/vertx/http/runtime/PolicyConfig.java @@ -4,6 +4,8 @@ import io.quarkus.runtime.annotations.ConfigGroup; import io.quarkus.runtime.annotations.ConfigItem; +import io.quarkus.runtime.annotations.ConvertWith; +import io.quarkus.runtime.configuration.TrimmedStringConverter; @ConfigGroup public class PolicyConfig { @@ -12,5 +14,6 @@ public class PolicyConfig { * The roles that are allowed to access resources protected by this policy */ @ConfigItem + @ConvertWith(TrimmedStringConverter.class) public List rolesAllowed; } diff --git a/integration-tests/elytron-undertow/src/main/resources/application.properties b/integration-tests/elytron-undertow/src/main/resources/application.properties index 146f7da098274..4ac7dea74a8bc 100644 --- a/integration-tests/elytron-undertow/src/main/resources/application.properties +++ b/integration-tests/elytron-undertow/src/main/resources/application.properties @@ -1,8 +1,10 @@ quarkus.security.users.embedded.enabled=true -quarkus.security.users.embedded.users.john=john -quarkus.security.users.embedded.roles.john=employees -quarkus.security.users.embedded.users.mary=mary -quarkus.security.users.embedded.roles.mary=managers +#note that the spaces after the usernames and roles are deliberate +#to verify that they are trimmed correctly +quarkus.security.users.embedded.users.john=john +quarkus.security.users.embedded.roles.john=employees +quarkus.security.users.embedded.users.mary=mary +quarkus.security.users.embedded.roles.mary=managers quarkus.security.users.embedded.users.poul=poul quarkus.security.users.embedded.roles.poul=interns quarkus.security.users.embedded.plain-text=true