KEYCLOAK-2536

This commit is contained in:
Bill Burke 2016-02-29 16:05:25 -05:00
parent 47652ae179
commit 64daa568b9
2 changed files with 12 additions and 0 deletions

View file

@ -83,6 +83,7 @@ public class UndertowSessionTokenStore implements AdapterTokenStore {
} else { } else {
log.debug("Account was not active, returning false"); log.debug("Account was not active, returning false");
session.removeAttribute(KeycloakUndertowAccount.class.getName()); session.removeAttribute(KeycloakUndertowAccount.class.getName());
session.removeAttribute(KeycloakSecurityContext.class.getName());
session.invalidate(exchange); session.invalidate(exchange);
return false; return false;
} }

View file

@ -27,6 +27,7 @@ import org.w3c.dom.Document;
import org.w3c.dom.Element; import org.w3c.dom.Element;
import org.w3c.dom.Node; import org.w3c.dom.Node;
import javax.xml.XMLConstants;
import javax.xml.bind.JAXBContext; import javax.xml.bind.JAXBContext;
import javax.xml.bind.JAXBElement; import javax.xml.bind.JAXBElement;
import javax.xml.bind.util.JAXBSource; import javax.xml.bind.util.JAXBSource;
@ -108,6 +109,16 @@ public class TransformerUtil {
SecurityActions.setTCCL(TransformerUtil.class.getClassLoader()); SecurityActions.setTCCL(TransformerUtil.class.getClassLoader());
} }
transformerFactory = TransformerFactory.newInstance(); transformerFactory = TransformerFactory.newInstance();
try {
transformerFactory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
} catch (TransformerConfigurationException e) {
throw new RuntimeException(e);
}
transformerFactory.setAttribute(XMLConstants.ACCESS_EXTERNAL_DTD, "");
transformerFactory.setAttribute(XMLConstants.ACCESS_EXTERNAL_STYLESHEET, "");
} finally { } finally {
if (tccl_jaxp) { if (tccl_jaxp) {
SecurityActions.setTCCL(prevTCCL); SecurityActions.setTCCL(prevTCCL);