Bug 1546708
Summary: | Console: Adding ACL from pki-console gives StringIndexOutOfBoundsException (RHEL) | |||
---|---|---|---|---|
Product: | Red Hat Enterprise Linux 7 | Reporter: | Geetika Kapoor <gkapoor> | |
Component: | pki-core | Assignee: | Fraser Tweedale <ftweedal> | |
Status: | CLOSED ERRATA | QA Contact: | Asha Akkiangady <aakkiang> | |
Severity: | urgent | Docs Contact: | Marc Muehlfeld <mmuehlfe> | |
Priority: | urgent | |||
Version: | 7.5 | CC: | ftweedal, mharmsen, msauton | |
Target Milestone: | rc | Keywords: | TestCaseProvided, ZStream | |
Target Release: | --- | |||
Hardware: | All | |||
OS: | Linux | |||
Whiteboard: | ||||
Fixed In Version: | Doc Type: | Bug Fix | ||
Doc Text: |
The *pkiconsole* utility no longer accepts ACLs with an empty expression
The Certificate System server rejects saving invalid access control lists (ACL). As a consequence, when saving an ACL with an empty expression, the server rejected the update and the *pkiconsole* utility displayed an *StringIndexOutOfBoundsException* error. With this update, the utility rejects empty ACL expressions. As a result, invalid ACLs cannot be saved and the error is no longer displayed.
|
Story Points: | --- | |
Clone Of: | ||||
: | 1557883 1560227 (view as bug list) | Environment: | ||
Last Closed: | 2018-10-30 11:05:22 UTC | Type: | Bug | |
Regression: | --- | Mount Type: | --- | |
Documentation: | --- | CRM: | ||
Verified Versions: | Category: | --- | ||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | ||
Cloudforms Team: | --- | Target Upstream Version: | ||
Embargoed: | ||||
Bug Depends On: | ||||
Bug Blocks: | 1557883, 1560227, 1560230 |
Description
Geetika Kapoor
2018-02-19 11:38:32 UTC
I think it is a combination of the fact that we can now separate ACL entries for a single resource into multiple ACLs (for readability / maintainability), and that the ACLAdminServlet and ACLPanel components use the NameValuePairs class for transmitting ACLs, which cannot handle duplicate keys. Gerrit reviews: - https://review.gerrithub.io/403280 - https://review.gerrithub.io/403281 - https://review.gerrithub.io/403282 - https://review.gerrithub.io/403283 - https://review.gerrithub.io/403284 - https://review.gerrithub.io/403285 - https://review.gerrithub.io/403286 - https://review.gerrithub.io/403287 Fixed in master: - 223e6980c3f3f7a075890897bbb74140cb95279a console: prohibit empty ACL expression - f62f8931d3dfced0b41e56e0bd4dc67fb31e2810 DirAclAuthz.updateACLs: re-throw ACL exception - 476320b43da7781a3f2994d55c8b48ee9bf6de73 ACLEntry.java: return null on parse error - 8f0b4a2f140590d6ed0149d9990e4f95eb047ae8 ACL.java: remove setDescription method - db05fc2c34b2f87e920d370cb5288ee0222f4023 ACL.java: retain all resourceACLs strings when merging - f4edd44009bc681577ea9209e092b65ca9985179 ACL.java: Make constructor private and add sanity check - f5e399a6bc7672d308332902d044e29f7deb3557 ACL.java: Remove unused constructor - 29092bd3a6c788164d3d37cdf40ac0811544accf Move parseACL to ACL.java add doc text Marking MODIFIED; inherited from 7.5.z QE Test Verification https://bugzilla.redhat.com/show_bug.cgi?id=1557883#c14 Test Env: pki-core-10.5.9-5.el7 Bugzilla tested and works as expected. Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2018:3195 |