[
https://issues.apache.org/jira/browse/RANGER-3179?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17283468#comment-17283468
]
C.J. Collier commented on RANGER-3179:
--------------------------------------
Something like this?
{code:java}
public static void loadConfig(InputStream input, Map<Object, Object> properties) {
    try {
        DocumentBuilderFactory xmlDocumentBuilderFactory = DocumentBuilderFactory.newInstance();
        // Harden the parser: secure processing on, external entities off
        xmlDocumentBuilderFactory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        xmlDocumentBuilderFactory.setFeature("http://xml.org/sax/features/external-general-entities", false);
        xmlDocumentBuilderFactory.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
        xmlDocumentBuilderFactory.setIgnoringComments(true);
        xmlDocumentBuilderFactory.setNamespaceAware(true);
        DocumentBuilder xmlDocumentBuilder = xmlDocumentBuilderFactory.newDocumentBuilder();
        Document xmlDocument = xmlDocumentBuilder.parse(input);
        xmlDocument.getDocumentElement().normalize();
        NodeList nList = xmlDocument.getElementsByTagName(XMLCONFIG_PROPERTY_TAGNAME);
        for (int temp = 0; temp < nList.getLength(); temp++) {
            Node nNode = nList.item(temp);
            if (nNode.getNodeType() == Node.ELEMENT_NODE) {
                Element eElement = (Element) nNode;
                String propertyName = "";
                String propertyValue = "";
                if (eElement.getElementsByTagName(XMLCONFIG_NAME_TAGNAME).item(0) != null) {
                    propertyName = eElement.getElementsByTagName(XMLCONFIG_NAME_TAGNAME)
                            .item(0).getTextContent().trim(); // <![CDATA[...]]>
                    // String.matches() must match the whole string, hence the .* on both sides
                    if (propertyName.matches(".*[&<>].*")) {
                        // are there any special characters?
                    }
                    // contains() takes a literal, so the '[' characters need no regex escaping
                    if (propertyName.contains("<![CDATA[")) {
                        // Extract contents of <![CDATA[...]]>
                    }
                }
{code}
> ranger-ugsync-site.xml parser XMLUtils::loadConfig unable to cope with
> special characters in passwords
> ------------------------------------------------------------------------------------------------------
>
> Key: RANGER-3179
> URL: https://issues.apache.org/jira/browse/RANGER-3179
> Project: Ranger
> Issue Type: Improvement
> Components: Ranger
> Affects Versions: 1.2.0
> Reporter: C.J. Collier
> Priority: Major
>
> Customer is using a password with an & character in their ldapbindpassword
> from ranger-ugsync-site.xml
>
> Attempts to escape with &amp; or by wrapping the password in a
> <![CDATA[...]]> element failed with different errors.
>
> Solution could be to account for CDATA wrapper in loadConfig
>
> Log examples follow. First with & escaped as &amp;:
>
> 12 Feb 2021 00:03:21 ERROR LdapDeltaUserGroupBuilder [UnixUserSyncThread] -
> LdapDeltaUserGroupBuilder.getGroups() failed with exception:
> javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308:
> LdapErr: DSID-0C09044E, comment: AcceptSecurityContext error, data 52e,
> v2580]; remaining name 'DC=caremarkrx,DC=net'
>
> And another example with the raw password, unescaped:
> 12 Feb 2021 00:49:37 ERROR XMLUtils [main] - Error loading :
> org.xml.sax.SAXParseException; lineNumber: 52; columnNumber: 21; The
> reference to entity "I4F" must end with the ';' delimiter. at
> com.sun.org.apache.xerces.internal.parsers.DOMParser.parse(DOMParser.java:257)
> at
> com.sun.org.apache.xerces.internal.jaxp.DocumentBuilderImpl.parse(DocumentBuilderImpl.java:339)
> at javax.xml.parsers.DocumentBuilder.parse(DocumentBuilder.java:121) at
> org.apache.ranger.plugin.u
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
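
Added example, not part of the original message and not Ranger's own code: a stand-alone check of what a JAXP DOM parser configured with the hardening flags from the comment's snippet returns for the three ways of writing the password discussed in the issue (entity-escaped, CDATA-wrapped, raw). The class name, the `property`/`name`/`value` tag names and the sample password are assumptions constructed for the demonstration.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Document;
import org.xml.sax.SAXParseException;

public class PasswordEscapingDemo {
    // Constructed sample value, not a real credential.
    static final String PASSWORD = "pa&I4F<x";

    // Parse a one-property config with the same hardening flags as the snippet
    // in the comment and return the text of <value>. Tag names are assumed.
    static String readValue(String valueXml) throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        f.setFeature("http://xml.org/sax/features/external-general-entities", false);
        f.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
        f.setIgnoringComments(true);
        f.setNamespaceAware(true);
        String xml = "<configuration><property><name>ldapbindpassword</name><value>"
                + valueXml + "</value></property></configuration>";
        Document d = f.newDocumentBuilder()
                .parse(new ByteArrayInputStream(xml.getBytes(StandardCharsets.UTF_8)));
        return d.getElementsByTagName("value").item(0).getTextContent().trim();
    }

    // Minimal escaping for element content: '&' first, then '<'.
    static String escape(String s) {
        return s.replace("&", "&amp;").replace("<", "&lt;");
    }

    public static void main(String[] args) throws Exception {
        // 1. Entity-escaped: the parser expands &amp; and &lt; before the DOM is built.
        String escaped = readValue(escape(PASSWORD));
        // 2. CDATA-wrapped: a CDATA section is a text node, so getTextContent()
        //    returns its contents without the markers. (Breaks if the value holds "]]>".)
        String cdata = readValue("<![CDATA[" + PASSWORD + "]]>");
        System.out.println("escaped decoded correctly: " + PASSWORD.equals(escaped));
        System.out.println("cdata decoded correctly:   " + PASSWORD.equals(cdata));
        // 3. Raw: "&I4F" starts an entity reference that never ends, so the
        //    document is not well-formed and parse() throws.
        try {
            readValue(PASSWORD);
        } catch (SAXParseException e) {
            System.out.println("raw value rejected: " + e.getMessage());
        }
    }
}
```

For input written in either of the first two forms, the string returned by `getTextContent()` is already the decoded value: the entity references and CDATA markers are consumed by the parser. The raw form fails with a `SAXParseException` of the same kind as the one in the quoted log.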
