[jboss-jira] [JBoss JIRA] (ELY-1193) Elytron token-realm doesn't support unsigned tokens

Josef Cacek (JIRA) issues at jboss.org
Wed May 24 02:56:00 EDT 2017


Josef Cacek created ELY-1193:
--------------------------------

             Summary: Elytron token-realm doesn't support unsigned tokens
                 Key: ELY-1193
                 URL: https://issues.jboss.org/browse/ELY-1193
             Project: WildFly Elytron
          Issue Type: Bug
            Reporter: Josef Cacek
            Assignee: Darran Lofthouse
            Priority: Blocker


Verification of JWT tokens with empty signature part fails in Elytron.

The Elytron token-realm can be configured to not verify JWT token signature.
{code}
/subsystem=elytron/token-realm=JwtRealm:add(jwt={})
{code}

The JWT specification describes tokens without signature in [RFC 7519 Section 6|https://tools.ietf.org/html/rfc7519#section-6].

When a user comes with such a token, the validation in Elytron fails.

Sample token:
{code}
eyJhbGciOiJub25lIiwidHlwIjoiSldUIn0.eyJpc3MiOiJpc3N1ZXIud2lsZGZseS5vcmciLCJzdWIiOiJlbHl0cm9uQHdpbGRmbHkub3JnIiwiZXhwIjoyMDUxMjIyMzk5LCJhdWQiOiJlbHl0cm9uLXRlc3QifQ.

Header:
{
  "alg": "none",
  "typ": "JWT"
}

Payload:
{
  "iss": "issuer.wildfly.org",
  "sub": "elytron@wildfly.org",
  "exp": 2051222399,
  "aud": "elytron-test"
}
{code}

The problem is probably in this piece of code in {{JwtValidator}} class:
{code:java}
        String[] parts = jwt.split("\\.");

        if (parts.length < 3) {
            throw log.tokenRealmJwtInvalidFormat();
        }
{code}

Even if the token correctly contains 2 dots, the {{split}} returns an array of length 2 (because the last part is empty). An additional negative-integer argument to the {{split()}} method could help here:
{code:java}
jwt.split("\\.", -1);
{code}
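The following is an added example, not code from Elytron or from the reporter. It reproduces the split behaviour on the unsigned sample token above, parses the token with the {{-1}} limit so the empty signature segment survives, and adds a hypothetical {{allowUnsigned}} flag that models a realm deliberately configured without a verification key ({{jwt={}}}); a realm that has a key configured should never accept an empty signature or an {{"alg":"none"}} header. The class and method names are assumptions for illustration, and the {{"alg":"none"}} check is a plain substring match that a real implementation would replace with a JSON parser.

```java
import java.nio.charset.StandardCharsets;
import java.util.Base64;

// Added example (not Elytron code): why String.split("\\.") drops the empty
// signature segment of an unsigned JWT, and a parser that keeps it.
public final class UnsignedJwtSplit {

    // Constructed sample: the "alg":"none" token quoted in the issue.
    static final String UNSIGNED_TOKEN =
        "eyJhbGciOiJub25lIiwidHlwIjoiSldUIn0."
      + "eyJpc3MiOiJpc3N1ZXIud2lsZGZseS5vcmciLCJzdWIiOiJlbHl0cm9uQHdpbGRmbHkub3JnIiwi"
      + "ZXhwIjoyMDUxMjIyMzk5LCJhdWQiOiJlbHl0cm9uLXRlc3QifQ.";

    /** Mirrors the current realm code: String.split drops trailing empty strings. */
    static int partsWithDefaultSplit(String jwt) {
        return jwt.split("\\.").length;           // 2 for an unsigned token
    }

    /** A limit of -1 keeps every segment, including a trailing empty signature. */
    static String[] splitKeepingEmpty(String jwt) {
        String[] parts = jwt.split("\\.", -1);
        if (parts.length != 3) {
            throw new IllegalArgumentException(
                "invalid JWT format: expected 3 segments, got " + parts.length);
        }
        return parts;
    }

    /** JWT segments are base64url without padding; the URL decoder accepts that. */
    static String decodeSegment(String segment) {
        return new String(Base64.getUrlDecoder().decode(segment), StandardCharsets.UTF_8);
    }

    /**
     * Hypothetical validation entry point. allowUnsigned models a realm configured
     * without a verification key (jwt={}); when it is false, an empty signature or
     * an "alg":"none" header is rejected before any claim is trusted.
     */
    static String payloadOf(String jwt, boolean allowUnsigned) {
        String[] parts = splitKeepingEmpty(jwt);
        String header = decodeSegment(parts[0]);
        // Simplified check: a production parser would read the "alg" claim with a JSON parser.
        boolean unsigned = parts[2].isEmpty() || header.contains("\"alg\":\"none\"");
        if (unsigned && !allowUnsigned) {
            throw new SecurityException("unsigned token rejected: realm requires a signature");
        }
        // A real realm verifies parts[2] against the configured key for signed tokens;
        // this example only demonstrates the format handling.
        return decodeSegment(parts[1]);
    }

    public static void main(String[] args) {
        System.out.println("default split segments: " + partsWithDefaultSplit(UNSIGNED_TOKEN)); // 2
        System.out.println("split(-1) segments:     " + splitKeepingEmpty(UNSIGNED_TOKEN).length); // 3
        System.out.println("payload: " + payloadOf(UNSIGNED_TOKEN, true));
        try {
            payloadOf(UNSIGNED_TOKEN, false);
        } catch (SecurityException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

Run with {{java UnsignedJwtSplit.java}} (JDK 11 or later). The first two lines of output show the 2-versus-3 segment count that causes the reported failure; the last two show that keeping the empty segment is only half the fix, since whether an unsigned token is acceptable at all must remain an explicit realm configuration decision rather than a side effect of how the string was split.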



--
This message was sent by Atlassian JIRA
(v7.2.3#72005)