KEYCLOAK-2536

2016-02-29 16:05:25 -05:00 · 2016-02-29 16:05:25 -05:00 · 64daa568b9
commit 64daa568b9
parent 47652ae179
2 changed files with 12 additions and 0 deletions
--- a/adapters/oidc/undertow/src/main/java/org/keycloak/adapters/undertow/UndertowSessionTokenStore.java
+++ b/adapters/oidc/undertow/src/main/java/org/keycloak/adapters/undertow/UndertowSessionTokenStore.java
@ -83,6 +83,7 @@ public class UndertowSessionTokenStore implements AdapterTokenStore {
        } else {
            log.debug("Account was not active, returning false");
            session.removeAttribute(KeycloakUndertowAccount.class.getName());
+            session.removeAttribute(KeycloakSecurityContext.class.getName());
            session.invalidate(exchange);
            return false;
        }
--- a/saml-core/src/main/java/org/keycloak/saml/common/util/TransformerUtil.java
+++ b/saml-core/src/main/java/org/keycloak/saml/common/util/TransformerUtil.java
@ -27,6 +27,7 @@ import org.w3c.dom.Document;
 import org.w3c.dom.Element;
 import org.w3c.dom.Node;

+import javax.xml.XMLConstants;
 import javax.xml.bind.JAXBContext;
 import javax.xml.bind.JAXBElement;
 import javax.xml.bind.util.JAXBSource;
@ -108,6 +109,16 @@ public class TransformerUtil {
                    SecurityActions.setTCCL(TransformerUtil.class.getClassLoader());
                }
                transformerFactory = TransformerFactory.newInstance();
+                try {
+                    transformerFactory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
+                } catch (TransformerConfigurationException e) {
+                    throw new RuntimeException(e);
+                }
+
+                transformerFactory.setAttribute(XMLConstants.ACCESS_EXTERNAL_DTD, "");
+
+                transformerFactory.setAttribute(XMLConstants.ACCESS_EXTERNAL_STYLESHEET, "");
+
            } finally {
                if (tccl_jaxp) {
                    SecurityActions.setTCCL(prevTCCL);