cookie-encryption-password configuration parameter takes only a single character #4512

Closed
satyachillale opened this issue Jul 12, 2022 · 1 comment
@satyachillale

The cookie-encryption-password configuration parameter takes only a single character; it should take a string.

Environment Details

  • Helidon Version: 2.5.1
  • Helidon SE or Helidon MP: Helidon MP
  • JDK version: 1.8
  • OS: Linux
  • Docker version (if applicable):

Problem Description

The cookie-encryption-password configuration parameter takes only a single character; it should take a string.
Configuration - security.providers.oidc.cookie-encryption-password: “masterpassword”
Stack trace

Exception in thread "main" java.lang.IllegalArgumentException: Failed to convert property "security.providers.1.oidc.cookie-encryption-password" from its value "masterpassword" to char
        at io.helidon.config.mp.MpConfigImpl.convert(MpConfigImpl.java:308)
        at io.helidon.config.mp.MpConfigImpl.toArray(MpConfigImpl.java:346)
        at io.helidon.config.mp.MpConfigImpl.optionalValue(MpConfigImpl.java:135)
        at io.helidon.config.mp.MpConfigImpl.getOptionalValue(MpConfigImpl.java:120)
        at io.helidon.config.mp.SeConfig.as(SeConfig.java:199)
        at io.helidon.security.providers.oidc.common.OidcConfig$Builder.config(OidcConfig.java:1248)
        at io.helidon.security.providers.oidc.common.OidcConfig.create(OidcConfig.java:463)
        at io.helidon.security.providers.oidc.OidcProvider$Builder.config(OidcProvider.java:699)
        at io.helidon.security.providers.oidc.OidcProvider.create(OidcProvider.java:207)
        at io.helidon.security.providers.oidc.OidcProviderService.providerInstance(OidcProviderService.java:45)
        at io.helidon.security.Security$Builder.providerFromConfig(Security.java:1336)
        at io.helidon.security.Security$Builder.lambda$fromConfig$1(Security.java:1191)
        at java.base/java.lang.Iterable.forEach(Iterable.java:75)
        at io.helidon.security.Security$Builder.lambda$fromConfig$2(Security.java:1191)
        at java.base/java.util.Optional.ifPresent(Optional.java:183)
        at io.helidon.config.ConfigValue.ifPresent(ConfigValue.java:227)
        at io.helidon.security.Security$Builder.fromConfig(Security.java:1190)
        at io.helidon.security.Security$Builder.config(Security.java:1046)
        at io.helidon.microprofile.security.SecurityCdiExtension.configure(SecurityCdiExtension.java:69)
        at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
        at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        at java.base/java.lang.reflect.Method.invoke(Method.java:566)
        at org.jboss.weld.injection.StaticMethodInjectionPoint.invoke(StaticMethodInjectionPoint.java:95)
        at org.jboss.weld.injection.StaticMethodInjectionPoint.invoke(StaticMethodInjectionPoint.java:85)
        at org.jboss.weld.injection.MethodInvocationStrategy$SimpleMethodInvocationStrategy.invoke(MethodInvocationStrategy.java:168)
        at org.jboss.weld.event.ObserverMethodImpl.sendEvent(ObserverMethodImpl.java:330)
        at org.jboss.weld.event.ExtensionObserverMethodImpl.sendEvent(ExtensionObserverMethodImpl.java:123)
        at org.jboss.weld.event.ObserverMethodImpl.sendEvent(ObserverMethodImpl.java:308)
        at org.jboss.weld.event.ObserverMethodImpl.notify(ObserverMethodImpl.java:286)
        at javax.enterprise.inject.spi.ObserverMethod.notify(ObserverMethod.java:124)
        at org.jboss.weld.util.Observers.notify(Observers.java:166)
        at org.jboss.weld.event.ObserverNotifier.notifySyncObservers(ObserverNotifier.java:285)
        at org.jboss.weld.event.ObserverNotifier.notify(ObserverNotifier.java:273)
        at org.jboss.weld.event.EventImpl.fire(EventImpl.java:96)
        at io.helidon.microprofile.cdi.HelidonContainerImpl.doStart(HelidonContainerImpl.java:297)
        at io.helidon.common.context.Contexts.runInContext(Contexts.java:137)
        at io.helidon.microprofile.cdi.HelidonContainerImpl.start(HelidonContainerImpl.java:251)
        at io.helidon.microprofile.cdi.Main.main(Main.java:80)
Caused by: java.lang.IllegalArgumentException: The string to map must be a single character, but is: masterpassword
        at io.helidon.config.mp.MpConfigBuilder.toChar(MpConfigBuilder.java:118)
        at io.helidon.config.mp.MpConfigImpl.lambda$findComponentConverter$cad3d4ae$1(MpConfigImpl.java:252)

Steps to reproduce

  1. Set config value security.providers.oidc.cookie-encryption-password: “masterpassword”
  2. Run the application
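
The conversion path visible in the stack trace (`toArray` → component converter → `toChar`), reproduced as an added, self-contained example; this is not Helidon's code and not part of the original report. The comma splitting in `asCharArrayViaArrayConverter` is an assumption based on how MicroProfile Config converts array types, and `asCharArrayViaString` is an assumed alternative read, not the project's actual fix.

```java
/** Constructed stand-in for the conversion path in the stack trace; not Helidon code. */
public class CookiePasswordConversion {

    // Component converter: mirrors the "must be a single character" check from the trace.
    static char toChar(String value) {
        if (value.length() != 1) {
            throw new IllegalArgumentException(
                    "The string to map must be a single character, but is: " + value);
        }
        return value.charAt(0);
    }

    // Assumed array behaviour: split the raw value on commas, convert each element to char.
    static char[] asCharArrayViaArrayConverter(String raw) {
        String[] parts = raw.split(",");
        char[] out = new char[parts.length];
        for (int i = 0; i < parts.length; i++) {
            out[i] = toChar(parts[i]);
        }
        return out;
    }

    // Assumed alternative: read the whole value as a String, then convert to char[].
    static char[] asCharArrayViaString(String raw) {
        return raw.toCharArray();
    }

    public static void main(String[] args) {
        // Constructed sample values: the one from the report plus two that pass the array path.
        String[] samples = {"masterpassword", "m", "m,a,s"};
        for (String raw : samples) {
            String arrayResult;
            try {
                arrayResult = asCharArrayViaArrayConverter(raw).length + " chars";
            } catch (IllegalArgumentException e) {
                arrayResult = "rejected (" + e.getMessage() + ")";
            }
            System.out.printf("%-16s array converter: %s | string read: %d chars%n",
                    raw, arrayResult, asCharArrayViaString(raw).length);
        }
    }
}
```

Under that assumption, the only values the array path accepts are a single character or comma-separated single characters, so a deployment that started cleanly on an affected version is worth checking for a very short cookie encryption password.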
@github-actions github-actions bot added this to Triage in Backlog Jul 12, 2022
@m0mus m0mus added bug Something isn't working P2 security labels Jul 21, 2022
@m0mus m0mus moved this from Triage to High priority in Backlog Jul 21, 2022
@m0mus m0mus moved this from High priority to Sprint Scope in Backlog Jul 28, 2022
klustria added a commit to klustria/helidon that referenced this issue Aug 2, 2022
@klustria klustria moved this from Sprint Scope to In Progress in Backlog Aug 3, 2022
klustria added a commit that referenced this issue Aug 3, 2022
…gle character rather than a string (#4512) (#4657)

* Configuration parameter 'cookie-encryption-password' takes only a single character rather than a string (#4512)

* Simplify cookie-password-encryption conversion and improve the unit test
klustria added a commit to klustria/helidon that referenced this issue Aug 4, 2022
…gle character rather than a string (helidon-io#4512) (helidon-io#4657)

* Configuration parameter 'cookie-encryption-password' takes only a single character rather than a string (helidon-io#4512)

* Simplify cookie-password-encryption conversion and improve the unit test
klustria added a commit that referenced this issue Aug 4, 2022
…gle character rather than a string (#4512) (#4657) (#4675)

* Configuration parameter 'cookie-encryption-password' takes only a single character rather than a string (#4512)

* Simplify cookie-password-encryption conversion and improve the unit test
@klustria

klustria commented Aug 4, 2022

Fix is included in both Master and 2.x branch. Will appear in future release version of 3.x and 2.5.x (most likely 2.5.3).

@klustria klustria closed this as completed Aug 4, 2022
Backlog automation moved this from In Progress to Closed Aug 4, 2022