WildFly / WFLY-7677

Missing validation for write-attribute operation for introspection-url from Elytron token-realm


Details

      Use standalone-elytron.xml and execute the following CLI commands:

      /subsystem=elytron/token-realm=tokenRealm:add(oauth2-introspection={client-id=id,client-secret=secret,introspection-url=http://127.0.0.1})
      /subsystem=elytron/token-realm=tokenRealm:write-attribute(name=oauth2-introspection.introspection-url,value=127.0.0.1)
      reload
      

    Description

      The add operation for the Elytron token-realm checks whether oauth2-introspection.introspection-url contains a valid URL. However, when an invalid URL is set with the write-attribute operation, there is no validation. This results in failures when reloading or restarting the server.
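
The difference between the two operations, and one way to close it, as an added example that is not WildFly or Elytron code: a toy model in which a single validator is tied to the attribute so that add and write-attribute share it. All class and method names are hypothetical, and the rule that the value must be an absolute http(s) URL with a host is an assumption.

```java
import java.net.URI;
import java.net.URISyntaxException;
import java.util.HashMap;
import java.util.Map;

// Added illustration, not WildFly or Elytron code; all class and method names are hypothetical.
public class IntrospectionUrlValidation {
    static final String ATTR = "oauth2-introspection.introspection-url";

    // One validator owned by the attribute, so every operation that sets it runs the same check.
    // Assumption: the endpoint must be an absolute http(s) URL with a host.
    static URI validate(String value) {
        try {
            URI uri = new URI(value);
            String scheme = uri.getScheme();
            boolean http = "http".equalsIgnoreCase(scheme) || "https".equalsIgnoreCase(scheme);
            if (!http || uri.getHost() == null) {
                throw new IllegalArgumentException(ATTR + " is not a valid URL: " + value);
            }
            return uri;
        } catch (URISyntaxException e) {
            throw new IllegalArgumentException(ATTR + " is not a valid URL: " + value, e);
        }
    }

    // Toy stand-in for the stored configuration of one token-realm resource.
    static final Map<String, String> model = new HashMap<>();

    static void add(String url) { validate(url); model.put(ATTR, url); }

    // Reported behaviour: the value is stored as given and only fails later.
    static void writeAttributeUnchecked(String name, String value) { model.put(name, value); }

    // Corrected behaviour: reject at operation time, leaving the stored value untouched.
    static void writeAttribute(String name, String value) {
        if (ATTR.equals(name)) validate(value);
        model.put(name, value);
    }

    // Stand-in for reload: the runtime parses whatever was stored.
    static void reload() { validate(model.get(ATTR)); }

    public static void main(String[] args) {
        add("http://127.0.0.1");
        writeAttributeUnchecked(ATTR, "127.0.0.1"); // accepted, as in the report
        try { reload(); } catch (IllegalArgumentException e) { System.out.println("reload failed: " + e.getMessage()); }
        model.put(ATTR, "http://127.0.0.1"); // restore a good value
        try { writeAttribute(ATTR, "127.0.0.1"); } catch (IllegalArgumentException e) { System.out.println("rejected: " + e.getMessage()); }
        reload(); // succeeds: the bad value never reached the model
    }
}
```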


              People

                rhn-support-ivassile Ilia Vassilev
                olukas Ondrej Lukas (Inactive)