Alejandro Moratinos created OAK-11899:
-----------------------------------------
Summary: Empty tokenLength property values cause token not being
generated
Key: OAK-11899
URL: https://issues.apache.org/jira/browse/OAK-11899
Project: Jackrabbit Oak
Issue Type: Bug
Components: core, security
Reporter: Alejandro Moratinos
Depending on the token configuration values
[TokenConfigurationImpl|https://github.com/apache/jackrabbit-oak/blob/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/token/TokenConfigurationImpl.java#L72-L75]
allows an empty value to be introduced.
If an empty string is added later in the
[TokenProviderImpl|https://github.com/apache/jackrabbit-oak/blob/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/token/TokenProviderImpl.java#L436]
the default value should be used but as the value cannot be transformed to an
integer the transformation fails so a Token it's not created.
Check this log output:
{noformat}
24.08.2025 19:23:53.304 *DEBUG*
org.apache.jackrabbit.oak.security.authentication.LoginContextProviderImpl
Found pre-authenticated subject: No further login actions required.
24.08.2025 19:23:53.304 *DEBUG*
org.apache.jackrabbit.oak.security.authentication.LoginContextProviderImpl
Found pre-authenticated subject: No further login actions required.
24.08.2025 19:23:53.305 *DEBUG* ]
org.apache.jackrabbit.oak.security.authentication.user.LoginModuleImpl Adding
Credentials to shared state.
24.08.2025 19:23:53.305 *DEBUG*
org.apache.jackrabbit.oak.security.authentication.user.LoginModuleImpl Adding
login name to shared state.
24.08.2025 19:23:53.305 *WARN*
org.apache.jackrabbit.oak.spi.security.ConfigurationParameters Invalid value ;
cannot be parsed into java.lang.Integer{noformat}
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
