keycloak-aplcache


diff --git a/adapters/oidc/undertow/src/main/java/org/keycloak/adapters/undertow/UndertowSessionTokenStore.java b/adapters/oidc/undertow/src/main/java/org/keycloak/adapters/undertow/UndertowSessionTokenStore.java
index e578f85..80a7109 100755
--- a/adapters/oidc/undertow/src/main/java/org/keycloak/adapters/undertow/UndertowSessionTokenStore.java
+++ b/adapters/oidc/undertow/src/main/java/org/keycloak/adapters/undertow/UndertowSessionTokenStore.java
@@ -83,6 +83,7 @@ public class UndertowSessionTokenStore implements AdapterTokenStore {
         } else {
             log.debug("Account was not active, returning false");
             session.removeAttribute(KeycloakUndertowAccount.class.getName());
+            session.removeAttribute(KeycloakSecurityContext.class.getName());
             session.invalidate(exchange);
             return false;
         }
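Review bot: The inactive-account branch now removes two session attributes by hand right before `session.invalidate(exchange)`, and nothing in the hunk says why invalidation alone is not enough. A short comment above the pair would keep a later cleanup from dropping the new line as redundant, for example `// clear both cached identity objects explicitly; do not rely on invalidate() alone to drop the stale KeycloakSecurityContext`. The enclosing method starts outside the hunk, so I cannot see whether other teardown paths in this class (logout, failed refresh) remove the same pair. If they only remove the `KeycloakUndertowAccount` attribute, they probably need the same line.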
diff --git a/saml-core/src/main/java/org/keycloak/saml/common/util/TransformerUtil.java b/saml-core/src/main/java/org/keycloak/saml/common/util/TransformerUtil.java
index c8026fd..372a5da 100755
--- a/saml-core/src/main/java/org/keycloak/saml/common/util/TransformerUtil.java
+++ b/saml-core/src/main/java/org/keycloak/saml/common/util/TransformerUtil.java
@@ -27,6 +27,7 @@ import org.w3c.dom.Document;
 import org.w3c.dom.Element;
 import org.w3c.dom.Node;
 
+import javax.xml.XMLConstants;
 import javax.xml.bind.JAXBContext;
 import javax.xml.bind.JAXBElement;
 import javax.xml.bind.util.JAXBSource;
@@ -108,6 +109,19 @@ public class TransformerUtil {
                     SecurityActions.setTCCL(TransformerUtil.class.getClassLoader());
                 }
                 transformerFactory = TransformerFactory.newInstance();
+                try {
+                    transformerFactory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
+                } catch (TransformerConfigurationException ignored) {
+                    // some platforms don't support this.   For example our testsuite pulls Selenium which requires Xalan 2.7.1
+                }
+                try {
+                    transformerFactory.setAttribute(XMLConstants.ACCESS_EXTERNAL_DTD, "");
+
+                    transformerFactory.setAttribute(XMLConstants.ACCESS_EXTERNAL_STYLESHEET, "");
+                } catch (Exception ignored) {
+                    // some platforms don't support this.   For example our testsuite pulls Selenium which requires Xalan 2.7.1
+                }
+
             } finally {
                 if (tccl_jaxp) {
                     SecurityActions.setTCCL(prevTCCL);
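Review bot: The second `try` wraps both `setAttribute` calls, so if the implementation rejects `ACCESS_EXTERNAL_DTD`, the `ACCESS_EXTERNAL_STYLESHEET` restriction is never attempted. Each attribute should get its own `try` so that one unsupported property does not silently skip the other. `catch (Exception ignored)` is also wider than needed, since `TransformerFactory.setAttribute` is documented to throw `IllegalArgumentException` for an unrecognised attribute. All three catch blocks are silent, so a factory that accepted none of the restrictions is still returned with no trace; a warning through whatever logger this class already uses would make that fail-open case visible. The enclosing method begins and ends outside the hunk.

```java
transformerFactory = TransformerFactory.newInstance();
// … unchanged: FEATURE_SECURE_PROCESSING try/catch …
try {
    transformerFactory.setAttribute(XMLConstants.ACCESS_EXTERNAL_DTD, "");
} catch (IllegalArgumentException ignored) {
    // attribute not recognised by this TransformerFactory implementation (e.g. Xalan 2.7.1)
}
try {
    transformerFactory.setAttribute(XMLConstants.ACCESS_EXTERNAL_STYLESHEET, "");
} catch (IllegalArgumentException ignored) {
    // attribute not recognised by this TransformerFactory implementation (e.g. Xalan 2.7.1)
}
```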