  1. WildFly
  2. WFLY-7677

Missing validation for write-attribute operation for introspection-url from Elytron token-realm

    Details

    • Steps to Reproduce:

      Use standalone-elytron.xml and execute the following CLI commands:

      /subsystem=elytron/token-realm=tokenRealm:add(oauth2-introspection={client-id=id,client-secret=secret,introspection-url=http://127.0.0.1})
      /subsystem=elytron/token-realm=tokenRealm:write-attribute(name=oauth2-introspection.introspection-url,value=127.0.0.1)
      reload
      

      Description

      The add operation for an Elytron token-realm checks whether oauth2-introspection.introspection-url contains a valid URL. However, when an invalid URL is set with the write-attribute operation, there is no validation. This results in failures when reloading or restarting the server.
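
      The gap between add and write-attribute described above, modelled in plain Java as an added example (not WildFly or Elytron code). The class and method names, and the rule that a valid value is an absolute http or https URL with a host, are assumptions made for illustration.

```java
import java.net.URI;
import java.net.URISyntaxException;
import java.util.HashMap;
import java.util.Map;

// Hypothetical model of a management resource; this is not WildFly's API.
public class TokenRealmModel {
    private final Map<String, String> attrs = new HashMap<>();

    // Shared validator (assumed rule): absolute http(s) URL with a host part.
    static void validateIntrospectionUrl(String value) {
        try {
            URI uri = new URI(value);
            String scheme = uri.getScheme();
            boolean http = "http".equalsIgnoreCase(scheme) || "https".equalsIgnoreCase(scheme);
            if (!http || uri.getHost() == null) {
                throw new IllegalArgumentException("Not a valid URL: " + value);
            }
        } catch (URISyntaxException e) {
            throw new IllegalArgumentException("Not a valid URL: " + value, e);
        }
    }

    // add: the value is checked before it is stored.
    void add(String url) {
        validateIntrospectionUrl(url);
        attrs.put("introspection-url", url);
    }

    // Behaviour described in the report: the value is stored unchecked,
    // so the failure only surfaces later, at reload or restart.
    void writeAttributeUnchecked(String url) {
        attrs.put("introspection-url", url);
    }

    // Corrected form: the same validator as add, so the bad value is
    // rejected when the operation runs and never reaches the configuration.
    void writeAttribute(String url) {
        validateIntrospectionUrl(url);
        attrs.put("introspection-url", url);
    }

    public static void main(String[] args) {
        TokenRealmModel realm = new TokenRealmModel();
        realm.add("http://127.0.0.1");
        realm.writeAttributeUnchecked("127.0.0.1"); // accepted; bad value is now persisted
        try {
            realm.writeAttribute("127.0.0.1");
        } catch (IllegalArgumentException e) {
            System.out.println("rejected at write time: " + e.getMessage());
        }
    }
}
```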

                People

                • Assignee:
                  ivassile Ilia Vassilev
                  Reporter:
                  olukas Ondrej Lukas