  1. JBoss Enterprise Application Platform
  2. JBEAP-18847

When "corrupted" public key is supplied to server, user is not informed

    Details

    • Type: Bug
    • Status: New
    • Priority: Critical
    • Resolution: Unresolved
    • Affects Version/s: 7.4.0.CD19
    • Fix Version/s: None
    • Component/s: MP JWT
    • Labels:
      None
    • Target Release:
      CD
    • Steps to Reproduce:

      Deploy the attached WAR, which sets the following MP properties:

      mp.jwt.verify.publickey=foobarqux
      mp.jwt.verify.issuer=issuer
      
    • Affects:
      Release Notes, User Experience
    • Affects Testing:
      Regression
    • QE Test Coverage:
      +

      Description

      When a corrupted public key (a valid key cannot be extracted from the string value) is supplied to the JWT verifier, the user is not informed, since there is no error message in the log and clients receive a 401 status code in response instead of an error code of 500.

      This is a regression compared with the state when the feature was being merged.
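
A deployment-time key check that turns the silent 401 into a logged configuration error, as an added example that is not part of this issue and not EAP or SmallRye code. It assumes the property holds an RSA key as PEM or bare Base64 X.509 data (JWK forms are not handled); `VerifyKeyCheck`, `parseRsaPublicKey` and `KeyConfigException` are hypothetical names.

```java
import java.security.GeneralSecurityException;
import java.security.KeyFactory;
import java.security.KeyPairGenerator;
import java.security.PublicKey;
import java.security.spec.X509EncodedKeySpec;
import java.util.Base64;

// Added example: hypothetical deployment-time check, not EAP or SmallRye code.
public class VerifyKeyCheck {

    /** Raised at deployment so a bad key is a configuration error, not a per-request 401. */
    static class KeyConfigException extends RuntimeException {
        KeyConfigException(String msg, Throwable cause) { super(msg, cause); }
    }

    /** Parses an RSA public key given as PEM or bare Base64 X.509 SubjectPublicKeyInfo. */
    static PublicKey parseRsaPublicKey(String configured) {
        String b64 = configured
                .replace("-----BEGIN PUBLIC KEY-----", "")
                .replace("-----END PUBLIC KEY-----", "")
                .replaceAll("\\s", "");
        try {
            // decode() throws IllegalArgumentException when the text is not valid Base64
            byte[] der = Base64.getDecoder().decode(b64);
            // generatePublic() throws InvalidKeySpecException when the bytes are not a key
            return KeyFactory.getInstance("RSA").generatePublic(new X509EncodedKeySpec(der));
        } catch (IllegalArgumentException | GeneralSecurityException e) {
            throw new KeyConfigException(
                    "mp.jwt.verify.publickey does not contain a usable RSA public key", e);
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample input: a freshly generated key, encoded like a PEM body.
        PublicKey generated = KeyPairGenerator.getInstance("RSA").generateKeyPair().getPublic();
        String good = Base64.getEncoder().encodeToString(generated.getEncoded());
        System.out.println("valid key accepted: " + parseRsaPublicKey(good).getAlgorithm());

        try {
            parseRsaPublicKey("foobarqux"); // the value from the steps to reproduce
        } catch (KeyConfigException e) {
            // A deployment would log this and fail instead of answering 401 to every client.
            System.out.println("rejected at startup: " + e.getMessage());
        }
    }
}
```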

                People

                • Assignee:
                  dlofthouse Darran Lofthouse
                  Reporter:
                  jkasik Jan Kasik
                • Votes:
                  0
                  Watchers:
                  2