Merge pull request #1087 from nekdozjam/ELY-1507

[ELY-1507] JwtValidator issuer and audience check ignoring does not work

src/main/java/org/wildfly/security/auth/realm/token/validator/JwtValidator.java

@@ -169,6 +169,8 @@ private boolean verifySignature(String encodedHeader, String encodedClaims, Stri
     }
 
     private boolean hasValidAudience(JsonObject claims) throws RealmUnavailableException {
+        if (this.audiences.isEmpty()) return true;
+
         JsonValue audience = claims.get("aud");
 
         if (audience == null) {
@@ -186,7 +188,7 @@ private boolean hasValidAudience(JsonObject claims) throws RealmUnavailableExcep
 
         boolean valid = audClaimArray.stream()
                 .map(jsonValue -> (JsonString) jsonValue)
-                .anyMatch(audience1 -> audiences.contains(audience1.getString())) || audiences.isEmpty();
+                .anyMatch(audience1 -> audiences.contains(audience1.getString()));
 
         if (!valid) {
             log.debugf("Audience check failed. Provided [%s] but was expected [%s].", audClaimArray.toArray(), this.audiences);
@@ -196,13 +198,16 @@ private boolean hasValidAudience(JsonObject claims) throws RealmUnavailableExcep
     }
 
     private boolean hasValidIssuer(JsonObject claims) throws RealmUnavailableException {
+        if (this.issuers.isEmpty()) return true;
+
         String issuer = claims.getString("iss", null);
 
         if (issuer == null) {
+            log.debug("Token does not contain an issuer claim");
             return false;
         }
 
-        boolean valid = this.issuers.contains(issuer) || this.issuers.isEmpty();
+        boolean valid = this.issuers.contains(issuer);
 
         if (!valid) {
             log.debugf("Issuer check failed. Provided [%s] but was expected [%s].", issuer, this.issuers);