Posted to commits@tomee.apache.org by db...@apache.org on 2022/09/10 03:18:02 UTC

[tomee] branch main updated: TOMEE-3948 Reject signed JWTs when decryption key is configured

This is an automated email from the ASF dual-hosted git repository.

dblevins pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tomee.git


The following commit(s) were added to refs/heads/main by this push:
     new e2dec101e7 TOMEE-3948 Reject signed JWTs when decryption key is configured
e2dec101e7 is described below

commit e2dec101e7a38629e9bfb8d70b9568ca6d18d8aa
Author: David Blevins <db...@tomitribe.com>
AuthorDate: Fri Sep 9 20:17:25 2022 -0700

    TOMEE-3948 Reject signed JWTs when decryption key is configured
---
 .../src/main/java/org/apache/tomee/microprofile/jwt/MPJWTFilter.java   | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/mp-jwt/src/main/java/org/apache/tomee/microprofile/jwt/MPJWTFilter.java b/mp-jwt/src/main/java/org/apache/tomee/microprofile/jwt/MPJWTFilter.java
index 23b086f3e0..da951b974c 100644
--- a/mp-jwt/src/main/java/org/apache/tomee/microprofile/jwt/MPJWTFilter.java
+++ b/mp-jwt/src/main/java/org/apache/tomee/microprofile/jwt/MPJWTFilter.java
@@ -415,11 +415,14 @@ public class MPJWTFilter implements Filter {
                 if (authContextInfo.getDecryptKeys().size() == 1) {
                     final Key decryptionKey = authContextInfo.getDecryptKeys().values().iterator().next();
                     builder.setDecryptionKey(decryptionKey);
+                    builder.setEnableRequireEncryption();
                 } else if (authContextInfo.getDecryptKeys().size() > 1) {
                     builder.setDecryptionKeyResolver(new JwksDecryptionKeyResolver(asJwks(authContextInfo.getDecryptKeys())));
+                    builder.setEnableRequireEncryption();
                 }
 
 
+
                 final JwtConsumer jwtConsumer = builder.build();
                 final JwtContext jwtContext = jwtConsumer.process(token);
                 final String type = jwtContext.getJoseObjects().get(0).getHeader("typ");
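Review bot: The new `setEnableRequireEncryption()` call is duplicated in both decryption-key branches, and nothing in the hunk records why a signed-only token must now be rejected; a comment at the first call would carry that intent, e.g. `// Decryption keys are configured, so a bare JWS must be rejected: otherwise an unencrypted token could bypass the encryption requirement.` The call could instead be hoisted after the if/else-if as `if (!authContextInfo.getDecryptKeys().isEmpty()) { builder.setEnableRequireEncryption(); }` so the two branches cannot drift apart when a third key-resolution case is added. The third blank line added before `builder.build()` looks like stray whitespace. The enclosing method starts and ends outside the hunk, so whether the consumer still requires a signature on the payload inside the JWE depends on builder settings not visible here and should be confirmed.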