[Red Hat JIRA] (WFLY-13164) When "corrupted" public key is supplied to server, user is not informed

Tuesday, 5 January 2021

    [
https://issues.redhat.com/browse/WFLY-13164?page=com.atlassian.jira.plugi...
] 

Sonia Zaldana commented on WFLY-13164:
--------------------------------------

Hi [~jkasik], thanks for the link to the test suite. I tried taking a closer look today,
but I was wondering whether you could point me to the last version where the test was
passing? I saw the affected versions start in 19.0.0.Beta2, so I tried running it with
19.0.0.Beta1 but I still get the same error mentioned in the description. Any versions
prior to that one throw a ClassNotFoundException, which I assume is because the
functionality had not been merged yet. 

...
 When "corrupted" public key is supplied to server, user is
not informed
 -----------------------------------------------------------------------

                 Key: WFLY-13164
                 URL: https://issues.redhat.com/browse/WFLY-13164
             Project: WildFly
          Issue Type: Bug
          Components: MP JWT
    Affects Versions: 19.0.0.Beta2, 20.0.0.Beta1
            Reporter: Jan Kasik
            Priority: Critical
         Attachments: CorruptedKeyTest.war

 When corrupted public key (a valid key cannot be extracted from the string value) is
supplied to JWT verifier, user is not informed since there is no error message in log and
clients receives 401 status code in response instead of an error code of 500. 

--
This message was sent by Atlassian Jira
(v8.13.1#813001)

2026

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006