KEYCLOAK-2536
This commit is contained in:
parent
47652ae179
commit
64daa568b9
2 changed files with 12 additions and 0 deletions
|
@ -83,6 +83,7 @@ public class UndertowSessionTokenStore implements AdapterTokenStore {
|
||||||
} else {
|
} else {
|
||||||
log.debug("Account was not active, returning false");
|
log.debug("Account was not active, returning false");
|
||||||
session.removeAttribute(KeycloakUndertowAccount.class.getName());
|
session.removeAttribute(KeycloakUndertowAccount.class.getName());
|
||||||
|
session.removeAttribute(KeycloakSecurityContext.class.getName());
|
||||||
session.invalidate(exchange);
|
session.invalidate(exchange);
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
|
@ -27,6 +27,7 @@ import org.w3c.dom.Document;
|
||||||
import org.w3c.dom.Element;
|
import org.w3c.dom.Element;
|
||||||
import org.w3c.dom.Node;
|
import org.w3c.dom.Node;
|
||||||
|
|
||||||
|
import javax.xml.XMLConstants;
|
||||||
import javax.xml.bind.JAXBContext;
|
import javax.xml.bind.JAXBContext;
|
||||||
import javax.xml.bind.JAXBElement;
|
import javax.xml.bind.JAXBElement;
|
||||||
import javax.xml.bind.util.JAXBSource;
|
import javax.xml.bind.util.JAXBSource;
|
||||||
|
@ -108,6 +109,16 @@ public class TransformerUtil {
|
||||||
SecurityActions.setTCCL(TransformerUtil.class.getClassLoader());
|
SecurityActions.setTCCL(TransformerUtil.class.getClassLoader());
|
||||||
}
|
}
|
||||||
transformerFactory = TransformerFactory.newInstance();
|
transformerFactory = TransformerFactory.newInstance();
|
||||||
|
try {
|
||||||
|
transformerFactory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
|
||||||
|
} catch (TransformerConfigurationException e) {
|
||||||
|
throw new RuntimeException(e);
|
||||||
|
}
|
||||||
|
|
||||||
|
transformerFactory.setAttribute(XMLConstants.ACCESS_EXTERNAL_DTD, "");
|
||||||
|
|
||||||
|
transformerFactory.setAttribute(XMLConstants.ACCESS_EXTERNAL_STYLESHEET, "");
|
||||||
|
|
||||||
} finally {
|
} finally {
|
||||||
if (tccl_jaxp) {
|
if (tccl_jaxp) {
|
||||||
SecurityActions.setTCCL(prevTCCL);
|
SecurityActions.setTCCL(prevTCCL);
|
||||||
|
|
Loading…
Reference in a new issue