WildFly / WFLY-7677

Missing validation for write-attribute operation for introspection-url from Elytron token-realm

      Use standalone-elytron.xml and execute the following CLI commands:

      /subsystem=elytron/token-realm=tokenRealm:add(oauth2-introspection={client-id=id,client-secret=secret,introspection-url=http://127.0.0.1})
      /subsystem=elytron/token-realm=tokenRealm:write-attribute(name=oauth2-introspection.introspection-url,value=127.0.0.1)
      reload
      

      The add operation for the Elytron token-realm checks whether oauth2-introspection.introspection-url contains a valid URL. However, when an invalid URL is set with the write-attribute operation, there is no validation. This results in failures when reloading or restarting the server.
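
The pattern the report asks for, routing both operations through one validator so a bad value is rejected when it is written rather than at reload, is sketched below as an added example; it is not WildFly or Elytron code. The class and method names are hypothetical, and treating "valid URL" as "parses as an absolute java.net.URL" is an assumption.

```java
import java.net.MalformedURLException;
import java.net.URI;
import java.net.URISyntaxException;
import java.util.HashMap;
import java.util.Map;

// Hypothetical stand-in for the token-realm resource; not WildFly's own classes.
public class TokenRealmModel {
    static final String INTROSPECTION_URL = "introspection-url";
    private final Map<String, String> attributes = new HashMap<>();

    // One validation routine, shared by add and write-attribute.
    // Assumption: "valid" means the value parses as an absolute URL.
    static void validateIntrospectionUrl(String value) {
        try {
            // "127.0.0.1" parses as a relative URI, so toURL() throws
            // IllegalArgumentException ("URI is not absolute").
            new URI(value).toURL();
        } catch (URISyntaxException | MalformedURLException | IllegalArgumentException e) {
            throw new IllegalArgumentException(
                INTROSPECTION_URL + " is not a valid URL: " + value, e);
        }
    }

    void add(String introspectionUrl) {
        validateIntrospectionUrl(introspectionUrl);
        attributes.put(INTROSPECTION_URL, introspectionUrl);
    }

    void writeAttribute(String name, String value) {
        if (INTROSPECTION_URL.equals(name)) {
            validateIntrospectionUrl(value); // the check the report says is missing
        }
        attributes.put(name, value);
    }

    public static void main(String[] args) {
        TokenRealmModel realm = new TokenRealmModel();
        realm.add("http://127.0.0.1"); // same value as the add command in the report
        try {
            realm.writeAttribute(INTROSPECTION_URL, "127.0.0.1"); // value from the report
        } catch (IllegalArgumentException e) {
            System.out.println("rejected at write time: " + e.getMessage());
        }
        // The previously stored, valid value is still in place.
        System.out.println("stored: " + realm.attributes.get(INTROSPECTION_URL));
    }
}
```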

            rhn-support-ivassile Ilia Vassilev
            olukas Ondrej Lukas (Inactive)