Kirill created ZEPPELIN-6180:
--------------------------------
Summary: Login form does not pass plus sign into authenticator
Key: ZEPPELIN-6180
URL: https://issues.apache.org/jira/browse/ZEPPELIN-6180
Project: Zeppelin
Issue Type: Bug
Components: zeppelin-server
Affects Versions: 0.12.0
Environment: Zeppelin is deployed in Kubernetes with official set of
YAML-defined objects from
https://github.com/apache/zeppelin/blob/master/k8s/zeppelin-server.yaml
Image used: {{apache/zeppelin:0.12.0}} from DockerHub
Port-forward for port {{8080}} is used to get browser access
{{shiro.ini}} has it's example IniRealm uncommented:
{code}
[users]
admin = password1, admin
user1 = password2, role1, role2
user2 = password3, role3
{code}
Reporter: Kirill
If username or password contains plus sign ({{+}}), it is passed to
authenticator backend as space ({{ }}) thus failing authentication.
The issue is present both when using LDAP authenticator and local users in
{{shiro.ini}} ({{IniRealm}}). Although the password received by authenticator
class is not printed in log, the principal name is printed. So if username
{{user+plus}} is entered into login form, login fails and the following line
appears in console:
{noformat}
org.apache.shiro.authc.UnknownAccountException: Realm
[org.apache.shiro.realm.text.IniRealm@7aacfa56] was unable to find account data
for the submitted AuthenticationToken
[org.apache.shiro.authc.UsernamePasswordToken - user plus, rememberMe=false].
{noformat}
Notice {{user plus}} in the above log whereas {{user+plus}} was entered in
login form.
If a valid username (not containing {{+}} sign) is provided but the password
contains {{+}} sign, the following error appears in console:
{noformat}
org.apache.shiro.authc.IncorrectCredentialsException: Submitted credentials for
token [org.apache.shiro.authc.UsernamePasswordToken - admin, rememberMe=false]
did not match the expected credentials.
{noformat}
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
