[JBoss JIRA] (TEIID-4090) Issue with entitysets/properties ending in auth or token

Thursday, 9 June 2016

    [
https://issues.jboss.org/browse/TEIID-4090?page=com.atlassian.jira.plugin...
] 

Steven Hawkins commented on TEIID-4090:
---------------------------------------

...
 I can not seem to remember the reason I added the "static"
content servlet? 
I can't find anything related to the commit comment -
https://issues.jboss.org/issues/?jql=issuekey%20in%20(TEIID-4090%2C%20%20...

It seems like it needs to be more secure - allowing any resource to be read from the
classpath is a security issue.  Did you add it for debugging or perhaps for other security
work?

...
 Issue with entitysets/properties ending in auth or token
 --------------------------------------------------------

                 Key: TEIID-4090
                 URL: https://issues.jboss.org/browse/TEIID-4090
             Project: Teiid
          Issue Type: Bug
          Components: OData
    Affects Versions: 8.12
            Reporter: Steven Hawkins
            Assignee: Ramesh Reddy
             Fix For: 9.0, 8.12.5

 To handle oauth, we are check for uri.endsWith("auth") ||
uri.endsWith("token") - however valid uris can end with those characters as
well.  An ioexception will be thrown instead of seeing the expected results - we also need
to not simply throw an ioexception in ODataServlet as there is no server log of the
exception and the client sees a 500 error. 

--
This message was sent by Atlassian JIRA
(v6.4.11#64026)

2026

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009