Fixed JWT validation according to GHSA-fjq8-896w-pv28
oliver-jung committed May 20, 2021
1 parent ad119be commit 12197a7
Showing 1 changed file with 1 addition and 1 deletion.
Expand Up @@ -36,7 +36,7 @@ public Claims validateToken(String token) throws AuthenticationException {
RsaKeyUtil rsaKeyUtil = new RsaKeyUtil();
PublicKey publicKey = rsaKeyUtil.fromPemEncoded(keycloakPublicKey);

return (Claims) Jwts.parser().setSigningKey(publicKey).parse(token.replace("Bearer ", "")).getBody();
return Jwts.parser().setSigningKey(publicKey).parseJws(token.replace("Bearer ", "")).getBody();
} catch (Exception e){
throw new AuthenticationException(String.format("Failed to check user authorization for token: %s", token), e);
}
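Review bot: The catch block still formats the raw bearer token into the exception message (`"Failed to check user authorization for token: %s", token`), so every token that fails validation ends up wherever this exception is logged or returned. That includes tokens that are otherwise valid but rejected for a transient reason, such as a key-loading failure in the lines above. Drop the token from the message or replace it with a non-reversible reference such as a truncated hash. A smaller point on the changed line: `token.replace("Bearer ", "")` removes every occurrence of that substring rather than only a leading scheme prefix. Checking `token.startsWith("Bearer ")` and taking the substring would make the header handling strict, and a header without the prefix could then be rejected explicitly instead of being passed to the parser as-is.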