Loading...

XML

Word

Printable

Type: Bug
Resolution: Done
Priority: Major
Fix Version/s: 11.0.0.Alpha1
Affects Version/s: None
Component/s: Security
Labels:
- user_experience

Steps to Reproduce:
Hide

Use standalone-elytron.xml and execute following CLI commands:

/subsystem=elytron/token-realm=tokenRealm:add(oauth2-introspection={client-id=id,client-secret=secret,introspection-url=http://127.0.0.1}) /subsystem=elytron/token-realm=tokenRealm:write-attribute(name=oauth2-introspection.introspection-url,value=127.0.0.1) reload
Show
Use standalone-elytron.xml and execute following CLI commands: /subsystem=elytron/token-realm=tokenRealm:add(oauth2-introspection={client-id=id,client-secret=secret,introspection-url=http: //127.0.0.1}) /subsystem=elytron/token-realm=tokenRealm:write-attribute(name=oauth2-introspection.introspection-url,value=127.0.0.1) reload
Git Pull Request:
https://github.com/wildfly-security/elytron-subsystem/pull/346

add operation for Elytron token-realm checks whether oauth2-introspection.introspection-url includes valid URL. However, in case when invalid URL is added with write-attribute operation then there is no validation. It results to failures during reloading/restarting server.

clones

JBEAP-7507 Missing validation for write-attribute operation for introspection-url from Elytron token-realm

Closed

is incorporated by

WFLY-7883 Upgrade to Elytron Subsystem 1.0.0.Alpha20

Closed

Assignee:: Ilia Vassilev

Reporter:: Ondrej Lukas (Inactive)

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Created:: 2016/11/25 4:21 AM

Updated:: 2017/12/06 11:53 AM

Resolved:: 2017/01/16 4:14 PM

Details

Description

Attachments

Issue Links

Easy Agile Planning Poker

Activity

People

Dates