diff --git a/core/src/main/java/org/keycloak/RSATokenVerifier.java b/core/src/main/java/org/keycloak/RSATokenVerifier.java
index 0a55fd1..da258c3 100755
--- a/core/src/main/java/org/keycloak/RSATokenVerifier.java
+++ b/core/src/main/java/org/keycloak/RSATokenVerifier.java
@@ -17,7 +17,12 @@ public class RSATokenVerifier {
}
public static AccessToken verifyToken(String tokenString, PublicKey realmKey, String realm, boolean checkActive) throws VerificationException {
- JWSInput input = new JWSInput(tokenString);
+ JWSInput input = null;
+ try {
+ input = new JWSInput(tokenString);
+ } catch (Exception e) {
+ throw new VerificationException("Couldn't parse token", e);
+ }
if (!isPublicKeyValid(input, realmKey)) throw new VerificationException("Invalid token signature.");
AccessToken token;
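Review bot: The new `catch (Exception e)` around `new JWSInput(tokenString)` is broad, and nothing in the hunk records why. Since the token string comes from the request, a comment such as `// token is untrusted input: any parse failure must surface as VerificationException` would show that the catch-all is deliberate. The `= null` initialiser is also unnecessary: the catch block always throws, so `final JWSInput input;` satisfies definite assignment and rules out a later null dereference. The parser exception is kept as the cause, so whatever builds the 401 response should presumably log the cause chain rather than return it to the client; that code is not visible here. The body of verifyToken continues outside the hunk.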
diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/adapter/AdapterTest.java b/testsuite/integration/src/test/java/org/keycloak/testsuite/adapter/AdapterTest.java
index c7f1d4d..d478a1e 100755
--- a/testsuite/integration/src/test/java/org/keycloak/testsuite/adapter/AdapterTest.java
+++ b/testsuite/integration/src/test/java/org/keycloak/testsuite/adapter/AdapterTest.java
@@ -55,6 +55,7 @@ import javax.ws.rs.client.ClientBuilder;
import javax.ws.rs.client.WebTarget;
import javax.ws.rs.core.GenericType;
import javax.ws.rs.core.HttpHeaders;
+import javax.ws.rs.core.Response;
import javax.ws.rs.core.UriBuilder;
import java.net.URL;
import java.security.PublicKey;
@@ -280,4 +281,22 @@ public class AdapterTest {
keycloakSession.getTransaction().commit();
keycloakSession.close();
}
+
+ /**
+ * KEYCLOAK-518
+ * @throws Exception
+ */
+ @Test
+ public void testNullBearerToken() throws Exception {
+ Client client = ClientBuilder.newClient();
+ WebTarget target = client.target("http://localhost:8081/customer-db");
+ Response response = target.request().get();
+ Assert.assertEquals(401, response.getStatus());
+ response.close();
+ response = target.request().header(HttpHeaders.AUTHORIZATION, "Bearer null").get();
+ Assert.assertEquals(401, response.getStatus());
+ response.close();
+ client.close();
+
+ }
}
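Review bot: testNullBearerToken covers only a missing Authorization header and the literal token `"Bearer null"`, while the verifier change in this commit is meant to reject any unparsable token. A third request with a constructed malformed value, for example `response = target.request().header(HttpHeaders.AUTHORIZATION, "Bearer not-a-jwt").get();` followed by the same 401 assertion, would pin that broader behaviour. `client.close()` and the `response.close()` calls are also skipped when an assertion fails, so wrapping the body in `try { ... } finally { client.close(); }` would stop a failing run from leaking connections into later tests. The Javadoc carries only the issue key and an empty `@throws Exception`; one sentence saying that a malformed bearer token must yield 401 rather than a server error would make the intent readable without looking up KEYCLOAK-518.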