You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@syncope.apache.org by ilgrosso <gi...@git.apache.org> on 2018/06/27 07:37:49 UTC
[GitHub] syncope issue #79: Exposed JWT signature algorithm in security.properties. T...
Github user ilgrosso commented on the issue:
https://github.com/apache/syncope/pull/79
Hi @noorulrazvi-saal, thanks for this PR!
Before merging, could you please:
1. sign and send an [ICLA](http://syncope.apache.org/contributing#How_do_I_become_a_contributor_or_a_committer)
1. open an issue on [JIRA](https://issues.apache.org/jira/projects/SYNCOPE?) for such an improvement
1. fix the failing tests (maybe the reason is only the default value for algorithm, as pointed in my previous comemnt):
```
[INFO] Running org.apache.syncope.fit.core.JWTITCase
[ERROR] Tests run: 12, Failures: 1, Errors: 2, Skipped: 0, Time elapsed: 2.75 s <<< FAILURE! - in org.apache.syncope.fit.core.JWTITCase
[ERROR] queryUsingToken Time elapsed: 0.26 s <<< ERROR!
java.security.AccessControlException: Invalid signature found in JWT
at org.apache.syncope.fit.core.JWTITCase.queryUsingToken(JWTITCase.java:129)
[ERROR] tokenValidation Time elapsed: 0.14 s <<< ERROR!
java.security.AccessControlException: Invalid signature found in JWT
at org.apache.syncope.fit.core.JWTITCase.tokenValidation(JWTITCase.java:174)
[ERROR] getJWTToken Time elapsed: 0.246 s <<< FAILURE!
org.opentest4j.AssertionFailedError: expected: <true> but was: <false>
at org.apache.syncope.fit.core.JWTITCase.getJWTToken(JWTITCase.java:80)
```
Thanks!
---