[
https://issues.apache.org/jira/browse/CXF-6338?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Sergey Beryozkin resolved CXF-6338.
-----------------------------------
Resolution: Fixed
Fix Version/s: 3.0.5
3.1.0
Assignee: Sergey Beryozkin
Hi, thanks for a patch, I haven't looked much into supporting JWT Bearer grants
properly yet (not sure what IDP can produce them at this stage) hence the code
is a bit untested so far :-). The abstract level code will need to be enhanced
a bit with the validation logic too, we can take care of it gradually...
Cheers, Sergey
> Reversed logic in AbstractJwtHandler#validateSignature
> ------------------------------------------------------
>
> Key: CXF-6338
> URL: https://issues.apache.org/jira/browse/CXF-6338
> Project: CXF
> Issue Type: Bug
> Components: JAX-RS Security
> Affects Versions: 3.0.4
> Reporter: Jeffrey Samarziya
> Assignee: Sergey Beryozkin
> Priority: Minor
> Fix For: 3.1.0, 3.0.5
>
>
> The logic in the {{validateSignature}} method in
> {{org.apache.cxf.rs.security.oauth2.grants.jwt.AbstractJwtHandler}} is
> reversed - the method throws an OAuthServiceException when the signature is
> valid and doesn't throw an exception when the signature is not valid.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
