[
https://issues.apache.org/jira/browse/CXF-6338?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14486408#comment-14486408
]
ASF GitHub Bot commented on CXF-6338:
-------------------------------------
GitHub user jsamarziya opened a pull request:
https://github.com/apache/cxf/pull/62
[CXF-6338] Fixed logic in AbstractJwtHandler#validateSignature
Corrected the conditional expression in signature validation method.
You can merge this pull request into a Git repository by running:
$ git pull https://github.com/jsamarziya/cxf master
Alternatively you can review and apply these changes as the patch at:
https://github.com/apache/cxf/pull/62.patch
To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:
This closes #62
----
commit effebb6585eb90fba62d1e8d5759890a7bd9fd7c
Author: Jeffrey Samarziya <[email protected]>
Date: 2015-04-09T00:13:51Z
CXF-6338
Reversed the logic in validateSignature()
commit ce30725690eef7fa32e9039d051754016d142dc3
Author: Jeffrey Samarziya <[email protected]>
Date: 2015-04-09T00:19:09Z
Merge remote-tracking branch 'upstream/master'
----
> Reversed logic in AbstractJwtHandler#validateSignature
> ------------------------------------------------------
>
> Key: CXF-6338
> URL: https://issues.apache.org/jira/browse/CXF-6338
> Project: CXF
> Issue Type: Bug
> Components: JAX-RS Security
> Affects Versions: 3.0.4
> Reporter: Jeffrey Samarziya
> Priority: Minor
>
> The logic in the {{validateSignature}} method in
> {{org.apache.cxf.rs.security.oauth2.grants.jwt.AbstractJwtHandler}} is
> reversed - the method throws an OAuthServiceException when the signature is
> valid and doesn't throw an exception when the signature is not valid.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
