From 64daa568b9f28d8b383fa3b5e6ba5ac131d5587f Mon Sep 17 00:00:00 2001
From: Bill Burke
Date: Mon, 29 Feb 2016 16:05:25 -0500
Subject: [PATCH 1/2] KEYCLOAK-2536
---
 .../adapters/undertow/UndertowSessionTokenStore.java | 1 +
 .../keycloak/saml/common/util/TransformerUtil.java | 11 +++++++++++
 2 files changed, 12 insertions(+)
diff --git a/adapters/oidc/undertow/src/main/java/org/keycloak/adapters/undertow/UndertowSessionTokenStore.java b/adapters/oidc/undertow/src/main/java/org/keycloak/adapters/undertow/UndertowSessionTokenStore.java
index e578f85bbe..80a71099ff 100755
--- a/adapters/oidc/undertow/src/main/java/org/keycloak/adapters/undertow/UndertowSessionTokenStore.java
+++ b/adapters/oidc/undertow/src/main/java/org/keycloak/adapters/undertow/UndertowSessionTokenStore.java
@@ -83,6 +83,7 @@ public class UndertowSessionTokenStore implements AdapterTokenStore {
 } else {
 log.debug("Account was not active, returning false");
 session.removeAttribute(KeycloakUndertowAccount.class.getName());
+ session.removeAttribute(KeycloakSecurityContext.class.getName());
 session.invalidate(exchange);
 return false;
 }
diff --git a/saml-core/src/main/java/org/keycloak/saml/common/util/TransformerUtil.java b/saml-core/src/main/java/org/keycloak/saml/common/util/TransformerUtil.java
index c8026fd524..9f560f2e25 100755
--- a/saml-core/src/main/java/org/keycloak/saml/common/util/TransformerUtil.java
+++ b/saml-core/src/main/java/org/keycloak/saml/common/util/TransformerUtil.java
@@ -27,6 +27,7 @@ import org.w3c.dom.Document;
 import org.w3c.dom.Element;
 import org.w3c.dom.Node;
+import javax.xml.XMLConstants;
 import javax.xml.bind.JAXBContext;
 import javax.xml.bind.JAXBElement;
 import javax.xml.bind.util.JAXBSource;
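Review bot: In the `UndertowSessionTokenStore` hunk the account key and the `KeycloakSecurityContext` key are cleared by two separate calls just before `session.invalidate(exchange)`, and nothing in the branch records that they belong together, which is how one of them came to be missed. A short comment such as `// clear both session keys: the security context must not outlive an inactive account` would state the intent. If other paths in this class also drop the account (not visible in this hunk), a private helper that removes both keys would keep them in step. The enclosing method starts and ends outside the hunk.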
@@ -108,6 +109,16 @@ public class TransformerUtil {
 SecurityActions.setTCCL(TransformerUtil.class.getClassLoader());
 }
 transformerFactory = TransformerFactory.newInstance();
+ try {
+ transformerFactory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
+ } catch (TransformerConfigurationException e) {
+ throw new RuntimeException(e);
+ }
+
+ transformerFactory.setAttribute(XMLConstants.ACCESS_EXTERNAL_DTD, "");
+
+ transformerFactory.setAttribute(XMLConstants.ACCESS_EXTERNAL_STYLESHEET, "");
+
 } finally {
 if (tccl_jaxp) {
 SecurityActions.setTCCL(prevTCCL);
From c0d0c1f39a357968702c4bdb2ae86aa296c4c948 Mon Sep 17 00:00:00 2001
From: Bill Burke
Date: Mon, 29 Feb 2016 16:48:28 -0500
Subject: [PATCH 2/2] fix
---
 .../keycloak/saml/common/util/TransformerUtil.java | 13 ++++++++-----
 1 file changed, 8 insertions(+), 5 deletions(-)
diff --git a/saml-core/src/main/java/org/keycloak/saml/common/util/TransformerUtil.java b/saml-core/src/main/java/org/keycloak/saml/common/util/TransformerUtil.java
index 9f560f2e25..372a5dabc7 100755
--- a/saml-core/src/main/java/org/keycloak/saml/common/util/TransformerUtil.java
+++ b/saml-core/src/main/java/org/keycloak/saml/common/util/TransformerUtil.java
@@ -111,13 +111,16 @@ public class TransformerUtil {
 transformerFactory = TransformerFactory.newInstance();
 try {
 transformerFactory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
- } catch (TransformerConfigurationException e) {
- throw new RuntimeException(e);
+ } catch (TransformerConfigurationException ignored) {
+ // some platforms don't support this. For example our testsuite pulls Selenium which requires Xalan 2.7.1
 }
+ try {
+ transformerFactory.setAttribute(XMLConstants.ACCESS_EXTERNAL_DTD, "");
- transformerFactory.setAttribute(XMLConstants.ACCESS_EXTERNAL_DTD, "");
-
- transformerFactory.setAttribute(XMLConstants.ACCESS_EXTERNAL_STYLESHEET, "");
+ transformerFactory.setAttribute(XMLConstants.ACCESS_EXTERNAL_STYLESHEET, "");
+ } catch (Exception ignored) {
+ // some platforms don't support this. For example our testsuite pulls Selenium which requires Xalan 2.7.1
+ }
 } finally {
 if (tccl_jaxp) {
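Review bot: Both catch blocks in this hunk discard the failure without a trace, so on a JAXP implementation that rejects these settings (the comment names Xalan 2.7.1) the factory is handed back with external DTD and stylesheet access still permitted and nothing tells the operator. Because the two `setAttribute` calls share one `try`, a rejection of `ACCESS_EXTERNAL_DTD` also skips `ACCESS_EXTERNAL_STYLESHEET`, and `catch (Exception ignored)` is wider than the `IllegalArgumentException` that `setAttribute` is documented to throw for an unrecognised attribute. I would set each attribute in its own try, narrow the catch, and report the miss through the class's existing logger (its name is not visible here); the `setFeature` catch deserves the same log line. The enclosing method starts and ends outside the hunk.

```java
transformerFactory = TransformerFactory.newInstance();
// … unchanged: FEATURE_SECURE_PROCESSING try/catch …
for (String attribute : new String[] {XMLConstants.ACCESS_EXTERNAL_DTD, XMLConstants.ACCESS_EXTERNAL_STYLESHEET}) {
    try {
        transformerFactory.setAttribute(attribute, "");
    } catch (IllegalArgumentException e) {
        // This JAXP implementation does not recognise the attribute (the testsuite's Xalan 2.7.1, for example).
        // Log it here with the class's logger so an unhardened factory is visible instead of silent.
    }
}
```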