OpenAS2 cannot be under NT_AUTHORITY\Network Service on Windows or with $ in password property
MilanDadok opened this issue · 4 comments
OpenAS2-3.3.0
The service ends immediately
2022-09-08 17:25:45 Apache Commons Daemon procrun stderr initialized.
org.openas2.params.InvalidParameterException: Invalid key (missing closing '$') parsing this string: AP10$
at org.openas2.params.ParameterParser.format(ParameterParser.java:150)
at org.openas2.params.ParameterParser.parse(ParameterParser.java:118)
at org.openas2.XMLSession.loadProperties(XMLSession.java:197)
at org.openas2.XMLSession.load(XMLSession.java:107)
at org.openas2.XMLSession.<init>(XMLSession.java:75)
at org.openas2.app.OpenAS2Server$Builder.run(OpenAS2Server.java:182)
at org.openas2.app.OpenAS2WindowsService.start(OpenAS2WindowsService.java:30)
This is because Java system properties can have $ in their value - here it's user.name == Windows AD computer account name
(TRACE stdout)
2022-09-08 17:25:46.468 FINER XMLSession: Parsing property: msg_tracking.db_pwd : OpenAS2
2022-09-08 17:25:46.468 FINER XMLSession: Parsing property: user.script :
2022-09-08 17:25:46.468 FINER XMLSession: Parsing property: sun.management.compiler : HotSpot 64-Bit Tiered Compilers
2022-09-08 17:25:46.468 FINER XMLSession: Parsing property: java.runtime.version : 17.0.4.1+1-LTS
2022-09-08 17:25:46.468 FINER XMLSession: Parsing property: user.name : AP10$
Same error with $ character in password in config.xml properties, for example
email.smtppwd="mySmtp$Pwd"
2022-09-08 17:32:03.701 FINER XMLSession: Parsing property: socket.logger.enabled : false
2022-09-08 17:32:03.701 FINER XMLSession: Parsing property: user.country : CZ
2022-09-08 17:32:03.701 FINER XMLSession: Parsing property: email.smtppwd : mySmtp$Pwd
Temporary solution for the first bug - add to Java options:
-Duser.name=NETWORK
The error is in XMLSession.java loadProperties - even password values are reevaluated after the comment
/* Process all loaded values in case they reference other properties in the value
Use the properties object instead of Properties so we only parse the properties that were in the config.xml
so that we can use system property values to replace config.xml properties.
*/
If the property value is entered in the properties file or in the config.xml file, any actual $ characters in the property value must be escaped by a $ character.
In your case it would be: user.name="AP10$$"
I will add this to the documentation.
However, since OpenAS2 does read ALL system properties set in the environment when it loads, it does raise the possibility that a system property containing a $ will cause a failure to start up. I will give that some thought as to how to deal with that scenario.
@MilanDadok Re-reading your original post I think you are pointing out the problem of system properties. I will add code to bypass parsing any properties that are not in config.xml and take the value verbatim.
Fixed in 3.4.0 release.
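A simplified sketch of the behaviour discussed in this thread, added here as an example and not OpenAS2's own code: `$key$` references are expanded only in config.xml values, `$$` stands for one literal `$`, and system properties such as user.name are taken verbatim. The class and method names, the `log.owner` property and the unknown-key handling are assumptions made for illustration.

```java
import java.util.LinkedHashMap;
import java.util.Map;

// Illustrative re-implementation; not OpenAS2's ParameterParser or XMLSession.
public class DollarExpansionDemo {

    // Expands $key$ references against props; "$$" yields one literal '$'.
    static String expand(String value, Map<String, String> props) {
        StringBuilder out = new StringBuilder();
        int i = 0;
        while (i < value.length()) {
            char c = value.charAt(i);
            if (c != '$') { out.append(c); i++; continue; }
            if (i + 1 < value.length() && value.charAt(i + 1) == '$') {
                out.append('$'); i += 2; continue;           // escaped dollar
            }
            int close = value.indexOf('$', i + 1);
            if (close < 0) throw new IllegalArgumentException(
                "Invalid key (missing closing '$') in: " + value);
            String key = value.substring(i + 1, close);
            String ref = props.get(key);
            if (ref == null) throw new IllegalArgumentException("Unknown key: " + key);
            out.append(ref);                                 // referenced value is not re-parsed
            i = close + 1;
        }
        return out.toString();
    }

    // Only config.xml values are expanded; system properties are copied verbatim.
    static Map<String, String> load(Map<String, String> config, Map<String, String> system) {
        Map<String, String> all = new LinkedHashMap<>(system);
        all.putAll(config);                                  // config.xml entries override
        Map<String, String> result = new LinkedHashMap<>(system);
        for (Map.Entry<String, String> e : config.entrySet()) {
            result.put(e.getKey(), expand(e.getValue(), all));
        }
        return result;
    }

    public static void main(String[] args) {
        Map<String, String> system = Map.of("user.name", "AP10$");   // constructed sample
        Map<String, String> config = new LinkedHashMap<>();
        config.put("email.smtppwd", "mySmtp$$Pwd");          // escaped form of mySmtp$Pwd
        config.put("log.owner", "$user.name$");              // hypothetical property
        System.out.println(load(config, system));
        try { expand("mySmtp$Pwd", system); }                // unescaped: rejected
        catch (IllegalArgumentException ex) { System.out.println(ex.getMessage()); }
    }
}
```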
Visit http://localhost:8080/ and login with "userID" and "pWd". Note: You may have to login twice if you get a "Network Error" the first time.
I've tried 50x and same error