[
https://issues.apache.org/jira/browse/TINKERPOP3-855?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14934083#comment-14934083
]
stephen mallette commented on TINKERPOP3-855:
---------------------------------------------
Thanks for digging into this one. I needed to dig in myself to make sure I
understood what was going on and your description on this issue helped make
things easier. You have about half of the solution - the other half is in how
to do this without breaking stuff that's working (e.g. gryo and GraphSON with
embedded types). Here's how I think you should formulate your pull request:
You suggested replacing this line with your code:
https://github.com/apache/incubator-tinkerpop/blob/ad27fce579a182de3ebf886fdbd85d5960852bdd/gremlin-server/src/main/java/org/apache/tinkerpop/gremlin/server/handler/SaslAuthenticationHandler.java#L76
To go a step further, I think you should test the type of {{ARGS_SASL}} and
determine if it is a {{String}} or {{byte[]}} and then use your code or cast to
{{byte[]}} accordingly. If it is neither of those options you should send back
an error message (use the {{UNAUTHORIZED}} message as an example in the
{{SaslAuthenticationHandler}}. I think you should use
{{ResponseCode.REQUEST_ERROR_MALFORMED_REQUEST}}.
This work should be based on the tp30 branch that way we get this fix for 3.0.2
which we are preparing for release 10/19.
Does that make sense? Can you submit a pull request in the next few days based
on that information?
> sasl authentication type error due to Json format
> -------------------------------------------------
>
> Key: TINKERPOP3-855
> URL: https://issues.apache.org/jira/browse/TINKERPOP3-855
> Project: TinkerPop 3
> Issue Type: Bug
> Components: server
> Affects Versions: 3.0.1-incubating
> Reporter: Dylan Millikin
> Assignee: stephen mallette
> Fix For: 3.1.0-incubating, 3.0.2-incubating
>
>
> The documentation states :
> {quote}The password should be an encoded sequence of UTF-8 bytes{quote}
> Thus the {{SaslAuthenticationHandler}} expects to receive a {{byte[]}} type
> var.
>
> However, using gremlin-server with {{GraphSonMessageSerializer}}, if I send
> the payload with the sasl argument (say {{\x00stephen\x00password}}) in
> response to a gremlin-server {{407}} authentication challenge, I will get the
> following error:
> {code}
> java.lang.ClassCastException: java.lang.String cannot be cast to [B
> at
> org.apache.tinkerpop.gremlin.server.handler.SaslAuthenticationHandler.channelRead(SaslAuthenticationHandler.java:74)
> {code}
> This seems "normal" in that Json does not support any binary dataType and the
> sasl argument will automatically be converted to {{String}}.
> I quickly tested a correction locally by changing [this
> line|https://github.com/apache/incubator-tinkerpop/blob/tp30/gremlin-server/src/main/java/org/apache/tinkerpop/gremlin/server/handler/SaslAuthenticationHandler.java#L74]
> to :
> {code}
> final String saslString = (String)
> requestMessage.getArgs().get(Tokens.ARGS_SASL);
> final byte[] saslResponse =
> saslString.getBytes(Charset.forName("UTF-8"));{code}
> This is clearly a breaking change, but it solved the Json issue.
> If you have any ideas on the way you want to go with this (or If I'm totally
> doing something wrong) let me know. I could probably make a PR for this.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
