Merge pull request #464 from patriot1burke/master

keycloak-518
Bill Burke 2014-06-16 10:48:34 -04:00
commit 44f446e745
2 changed files with 25 additions and 1 deletions


@ -17,7 +17,12 @@ public class RSATokenVerifier {
}
public static AccessToken verifyToken(String tokenString, PublicKey realmKey, String realm, boolean checkActive) throws VerificationException {
JWSInput input = new JWSInput(tokenString);
JWSInput input = null;
try {
input = new JWSInput(tokenString);
} catch (Exception e) {
throw new VerificationException("Couldn't parse token", e);
}
if (!isPublicKeyValid(input, realmKey)) throw new VerificationException("Invalid token signature.");
AccessToken token;
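Review bot: `catch (Exception e)` around `new JWSInput(tokenString)` in verifyToken is broader than the fix needs, because any unrelated runtime failure in that constructor is now also reported as "Couldn't parse token". Narrowing the catch to the exception types the JWSInput constructor actually throws (not visible on this page) would keep genuine bugs distinguishable from malformed tokens in the logs. The `= null` initialiser is unnecessary since the catch block always throws, so `JWSInput input;` is enough. The wrapped cause may contain fragments of the caller-supplied token string, so it is worth confirming that code handling VerificationException does not copy the cause message into the 401 response. verifyToken's body continues past the end of this section.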


@ -55,6 +55,7 @@ import javax.ws.rs.client.ClientBuilder;
import javax.ws.rs.client.WebTarget;
import javax.ws.rs.core.GenericType;
import javax.ws.rs.core.HttpHeaders;
import javax.ws.rs.core.Response;
import javax.ws.rs.core.UriBuilder;
import java.net.URL;
import java.security.PublicKey;
@ -280,4 +281,22 @@ public class AdapterTest {
keycloakSession.getTransaction().commit();
keycloakSession.close();
}
/**
* KEYCLOAK-518
* @throws Exception
*/
@Test
public void testNullBearerToken() throws Exception {
Client client = ClientBuilder.newClient();
WebTarget target = client.target("http://localhost:8081/customer-db");
Response response = target.request().get();
Assert.assertEquals(401, response.getStatus());
response.close();
response = target.request().header(HttpHeaders.AUTHORIZATION, "Bearer null").get();
Assert.assertEquals(401, response.getStatus());
response.close();
client.close();
}
}
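Review bot: If either `Assert.assertEquals(401, response.getStatus())` in testNullBearerToken fails, the `response.close()` and `client.close()` calls after it are skipped, so the client is left open for the rest of the test run; wrapping the requests in `try { ... } finally { client.close(); }` avoids that. The Javadoc carries only the issue key and an empty `@throws Exception`; a sentence such as `Requests with no Authorization header, or with a bearer value that is not a parsable token, must be rejected with 401.` would tell a reader what is being pinned without looking up the ticket. The method name says "null" while the header sent is the literal string `"Bearer null"`, which the same comment could make explicit.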