[jboss-jira] [JBoss JIRA] (ELY-1193) Elytron token-realm doesn't support unsigned tokens

Jan Kalina (JIRA) issues@jboss.org
Thu May 25 05:02:02 EDT 2017


     [ https://issues.jboss.org/browse/ELY-1193?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Jan Kalina reassigned ELY-1193:
-------------------------------

    Assignee: Jan Kalina  (was: Darran Lofthouse)


> Elytron token-realm doesn't support unsigned tokens
> ---------------------------------------------------
>
>                 Key: ELY-1193
>                 URL: https://issues.jboss.org/browse/ELY-1193
>             Project: WildFly Elytron
>          Issue Type: Bug
>            Reporter: Josef Cacek
>            Assignee: Jan Kalina
>            Priority: Blocker
>
> Verification of JWT tokens with empty signature part fails in Elytron.
> The Elytron token-realm can be configured to not verify JWT token signature.
> {code}
> /subsystem=elytron/token-realm=JwtRealm:add(jwt={})
> {code}
> The JWT specification describes tokens without signature in [RFC 7519 Section 6|https://tools.ietf.org/html/rfc7519#section-6].
> When a user is coming with such a token, the validation in Elytron fails.
> Sample token:
> {code}
> eyJhbGciOiJub25lIiwidHlwIjoiSldUIn0.eyJpc3MiOiJpc3N1ZXIud2lsZGZseS5vcmciLCJzdWIiOiJlbHl0cm9uQHdpbGRmbHkub3JnIiwiZXhwIjoyMDUxMjIyMzk5LCJhdWQiOiJlbHl0cm9uLXRlc3QifQ.
> Header:
> {
>   "alg": "none",
>   "typ": "JWT"
> }
> Payload:
> {
>   "iss": "issuer.wildfly.org",
>   "sub": "elytron@wildfly.org",
>   "exp": 2051222399,
>   "aud": "elytron-test"
> }
> {code}
> The problem is probably in this piece of code in {{JwtValidator}} class:
> {code:java}
>         String[] parts = jwt.split("\\.");
>         if (parts.length < 3) {
>             throw log.tokenRealmJwtInvalidFormat();
>         }
> {code}
> Even if the token correctly contains 2 dots, the {{split}} returns an array of length 2 (because the last part is empty). An additional negative-integer argument to the {{split()}} method could help here: 
> {code:java}
> jwt.split("\\.", -1);
> {code}



--
This message was sent by Atlassian JIRA
(v7.2.3#72005)
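Added example, not the Elytron project's code: a small Java sketch of the `split` fix described in the report together with the structural check a token realm should make around it, so that an empty signature is accepted only when the realm is configured not to verify signatures and the header actually says `alg=none`. The class and helper names are mine; the sample token is the one from the report.

```java
import java.nio.charset.StandardCharsets;
import java.util.Base64;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

public class JwtSplitCheck {

    // Sample unsigned token from the issue report (header alg=none, empty signature part).
    static final String UNSIGNED = "eyJhbGciOiJub25lIiwidHlwIjoiSldUIn0."
            + "eyJpc3MiOiJpc3N1ZXIud2lsZGZseS5vcmciLCJzdWIiOiJlbHl0cm9uQHdpbGRmbHkub3JnIiwiZXhwIjoyMDUxMjIyMzk5LCJhdWQiOiJlbHl0cm9uLXRlc3QifQ.";

    // Split into header, payload and signature. The negative limit keeps the trailing
    // empty element, so "a.b." yields three parts instead of two (String.split drops
    // trailing empty strings when no limit is given).
    static String[] splitJwt(String jwt) {
        String[] parts = jwt.split("\\.", -1);
        if (parts.length != 3) {
            throw new IllegalArgumentException("invalid JWT format: expected 3 parts, got " + parts.length);
        }
        return parts;
    }

    // Hypothetical helper: read the "alg" header value without a JSON library.
    static String alg(String headerB64) {
        String header = new String(Base64.getUrlDecoder().decode(headerB64), StandardCharsets.UTF_8);
        Matcher m = Pattern.compile("\"alg\"\\s*:\\s*\"([^\"]*)\"").matcher(header);
        return m.find() ? m.group(1) : null;
    }

    // Hypothetical structural check. A realm that verifies signatures must see a signature
    // and must not see alg=none; a realm configured to skip verification accepts an empty
    // signature only if the header is consistent with it (alg=none).
    static boolean isAcceptableStructure(String jwt, boolean verifySignature) {
        String[] parts = splitJwt(jwt);
        boolean unsigned = parts[2].isEmpty();
        boolean algNone = "none".equals(alg(parts[0]));
        if (verifySignature) {
            return !unsigned && !algNone;
        }
        return unsigned == algNone;
    }

    public static void main(String[] args) {
        System.out.println("split() parts: " + UNSIGNED.split("\\.").length);
        System.out.println("split(-1) parts: " + UNSIGNED.split("\\.", -1).length);
        System.out.println("accepted on unsigned realm: " + isAcceptableStructure(UNSIGNED, false));
        System.out.println("accepted on signed realm: " + isAcceptableStructure(UNSIGNED, true));
    }
}
```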

