Jan Kalina reassigned ELY-1193:
-------------------------------
Assignee: Jan Kalina (was: Darran Lofthouse)
Elytron token-realm doesn't support unsigned tokens
---------------------------------------------------
Key: ELY-1193
URL:
https://issues.jboss.org/browse/ELY-1193
Project: WildFly Elytron
Issue Type: Bug
Reporter: Josef Cacek
Assignee: Jan Kalina
Priority: Blocker
Verification of JWT tokens with empty signature part fails in Elytron.
The Elytron token-realm can be configured to not verify JWT token signature.
{code}
/subsystem=elytron/token-realm=JwtRealm:add(jwt={})
{code}
The JWT specification describes tokens without signature in [RFC 7519 Section
6|https://tools.ietf.org/html/rfc7519#section-6].
When a user comes with such a token, the validation in Elytron fails.
Sample token:
{code}
eyJhbGciOiJub25lIiwidHlwIjoiSldUIn0.eyJpc3MiOiJpc3N1ZXIud2lsZGZseS5vcmciLCJzdWIiOiJlbHl0cm9uQHdpbGRmbHkub3JnIiwiZXhwIjoyMDUxMjIyMzk5LCJhdWQiOiJlbHl0cm9uLXRlc3QifQ.
Header:
{
"alg": "none",
"typ": "JWT"
}
Payload:
{
"iss": "issuer.wildfly.org",
"sub": "elytron@wildfly.org",
"exp": 2051222399,
"aud": "elytron-test"
}
{code}
The problem is probably in this piece of code in {{JwtValidator}} class:
{code:java}
String[] parts = jwt.split("\\.");
if (parts.length < 3) {
    throw log.tokenRealmJwtInvalidFormat();
}
{code}
Even if the token correctly contains 2 dots, {{split}} returns an array of length 2
(because the last part is empty). An additional negative-integer argument to the {{split()}}
method could help here:
{code:java}
jwt.split("\\.", -1);
{code}