test(jans-auth-server): fixed StatusListHttpTest failure #8823

[yuriyz]

Description

test(jans-auth-server): fixed StatusListHttpTest failure

Target issue

closes #8823

[dryrunsecurity]

Hi there 👋, @DryRunSecurity here, below is a summary of our analysis and findings.

DryRun Security	Status	Findings
Server-Side Request Forgery Analyzer	✅	0 findings
Configured Codepaths Analyzer	✅	0 findings
Secrets Analyzer	✅	0 findings
Authn/Authz Analyzer	✅	0 findings
SQL Injection Analyzer	✅	0 findings
Sensitive Files Analyzer	✅	0 findings
IDOR Analyzer	✅	0 findings

Note

🟢 Risk threshold not exceeded.

Change Summary (click to expand)

The following is a summary of changes in this pull request made by me, your security buddy 🤖. Note that this summary is auto-generated and not meant to be a definitive list of security issues but rather a helpful summary from a security perspective.

Summary:

The code change provided is related to a test case for the StatusListHttpTest class in the jans-auth-server project. This test case is responsible for verifying the functionality of the token status list feature in the Jans Authentication Server. The changes made in this pull request do not introduce any obvious security concerns and appear to be focused on maintaining the security and integrity of the token management functionality in the application.

The test case covers important security-related aspects, such as token revocation, token status verification, and secure token handling. The removal of the setAcrValues method call from the AuthorizationRequest object does not have any direct security implications, as the Authentication Context Class Reference (ACR) values are not mandatory for the authorization request.

Overall, the changes in this pull request seem to be focused on ensuring the proper functioning of the token management features in the Jans Authentication Server, which is a crucial aspect of maintaining the security of the application.

Files Changed:

• jans-auth-server/client/src/test/java/io/jans/as/client/ws/rs/token/StatusListHttpTest.java: This file contains a test case that verifies the functionality of the token status list feature in the Jans Authentication Server. The changes made in this pull request remove the setAcrValues method call from the AuthorizationRequest object, which does not have any direct security implications. The test case covers important security-related aspects, such as token revocation, token status verification, and secure token handling.

Powered by DryRun Security