KEYCLOAK-2536

Bill Burke 2016-02-29 16:05:25 -05:00
parent 47652ae179
commit 64daa568b9
2 changed files with 12 additions and 0 deletions


@ -83,6 +83,7 @@ public class UndertowSessionTokenStore implements AdapterTokenStore {
} else {
log.debug("Account was not active, returning false");
session.removeAttribute(KeycloakUndertowAccount.class.getName());
session.removeAttribute(KeycloakSecurityContext.class.getName());
session.invalidate(exchange);
return false;
}
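Review bot: Nothing in this else branch records that the two `removeAttribute` calls and `session.invalidate(exchange)` must stay together, and the hunk's own counts (six lines before, seven after) suggest one of them was missing until now; the page does not mark which line is new. A short comment above the first call would protect the set from a later tidy-up, for example `// Account is no longer active: drop both cached objects, then the session itself.` If other paths in this class tear down the session (they are outside this hunk), it is worth checking that they clear the same two attributes. Separately, the only trace of this teardown is a debug-level message without any session or user reference, which is thin for an event an operator may need to reconstruct later.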


@ -27,6 +27,7 @@ import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
import javax.xml.XMLConstants;
import javax.xml.bind.JAXBContext;
import javax.xml.bind.JAXBElement;
import javax.xml.bind.util.JAXBSource;
@ -108,6 +109,16 @@ public class TransformerUtil {
SecurityActions.setTCCL(TransformerUtil.class.getClassLoader());
}
transformerFactory = TransformerFactory.newInstance();
try {
transformerFactory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
} catch (TransformerConfigurationException e) {
throw new RuntimeException(e);
}
transformerFactory.setAttribute(XMLConstants.ACCESS_EXTERNAL_DTD, "");
transformerFactory.setAttribute(XMLConstants.ACCESS_EXTERNAL_STYLESHEET, "");
} finally {
if (tccl_jaxp) {
SecurityActions.setTCCL(prevTCCL);
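Review bot: The two `setAttribute` calls sit outside the new try block, and `TransformerFactory.setAttribute` throws an unchecked `IllegalArgumentException` when the implementation does not recognise the property. The factory comes from `TransformerFactory.newInstance()` after the TCCL has been switched, so the implementation is whatever provider is found at runtime. A provider without JAXP 1.5 support would make this method fail with a bare "not supported" message rather than a clear hardening error. I would handle that case explicitly and keep it fail-closed, naming the factory class in the message; if some deployments must tolerate such a provider, that should be a logged decision rather than a swallowed exception. The enclosing method begins and ends outside this hunk.

```java
// … unchanged: newInstance() and the FEATURE_SECURE_PROCESSING try/catch …
try {
    transformerFactory.setAttribute(XMLConstants.ACCESS_EXTERNAL_DTD, "");
    transformerFactory.setAttribute(XMLConstants.ACCESS_EXTERNAL_STYLESHEET, "");
} catch (IllegalArgumentException e) {
    // Fail closed: a factory that cannot restrict external access must not be used silently.
    throw new IllegalStateException("TransformerFactory " + transformerFactory.getClass().getName()
            + " does not support restricting external DTD/stylesheet access", e);
}
```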