remote-check-token-invalid #1440
@Clement-Leopold Please sign the Contributor License Agreement! Click here to manually synchronize the status of this Pull Request. See the FAQ for frequently asked questions.
@Clement-Leopold Thank you for signing the Contributor License Agreement!
@@ -113,7 +113,7 @@ public OAuth2Authentication loadAuthentication(String accessToken) throws Authen | |||
} | |||
|
|||
// gh-838 | |||
if (!Boolean.TRUE.equals(map.get("active"))) { | |||
if (!Boolean.TRUE.toString().equals(map.get("active"))) { |
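Review bot: The replacement condition `Boolean.TRUE.toString().equals(map.get("active"))` matches only the string "true", so a response that carries `active` as a JSON boolean, which the removed line accepted, now fails the check. Compare against both forms, for example `Object active = map.get("active");` followed by `if (!(Boolean.TRUE.equals(active) || "true".equals(active)))`, and add a test covering the boolean, string and missing-attribute cases. A missing attribute is null and fails both comparisons, so it still lands in this branch; keep that fail-closed behaviour when widening the check.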
@Clement-Leopold With this change, `"true"` would work, but `true` would not. The provider may return the `active` attribute as either a JSON boolean or string. We need to account for both types.
Can you please update and add a test as well?
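The type mismatch discussed in this review, as an added example that is not code from this PR or from the project: it runs the removed condition, the proposed condition and a hypothetical type-tolerant check over the same constructed `active` values. The class name, method names and sample values are assumptions made for illustration.

```java
import java.util.Arrays;
import java.util.List;

public class ActiveAttributeCheck {

    // Condition on the removed line: matches only a JSON boolean true.
    static boolean originalCheck(Object active) {
        return Boolean.TRUE.equals(active);
    }

    // Condition on the added line: matches only the string "true".
    static boolean proposedCheck(Object active) {
        return Boolean.TRUE.toString().equals(active);
    }

    // Hypothetical tolerant check (an assumption, not the merged fix):
    // accepts boolean true or the exact string "true", fails closed otherwise.
    static boolean tolerantCheck(Object active) {
        if (active instanceof Boolean) {
            return (Boolean) active;
        }
        if (active instanceof String) {
            return "true".equals(active);
        }
        return false; // null (attribute missing), numbers, nested objects
    }

    public static void main(String[] args) {
        // Constructed sample values a token-check response might carry for "active".
        List<Object> samples = Arrays.asList(
                Boolean.TRUE, "true", Boolean.FALSE, "false", "yes", 1, null);
        System.out.printf("%-16s %-9s %-9s %-9s%n",
                "active value", "original", "proposed", "tolerant");
        for (Object value : samples) {
            String label = value == null ? "(missing)"
                    : value.getClass().getSimpleName() + " " + value;
            System.out.printf("%-16s %-9b %-9b %-9b%n", label,
                    originalCheck(value), proposedCheck(value), tolerantCheck(value));
        }
    }
}
```

Each of the first two checks accepts exactly one representation of an active token, while the tolerant one accepts both and still treats a missing or unexpected value as inactive.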
@jgrandja I've made some updates as you requested. Thanks!
@jgrandja I've added one test and modified the condition code. If you have any suggestions, please let me know. Thanks!
@jgrandja I am so sorry for that once I've pushed the author name. This is my fault.
@Clement-Leopold I haven't had a chance to review this as of yet. We've been very busy working towards the upcoming Spring Security 5.1 release. I'm planning on circling back to this within the next couple of weeks. Thanks for your patience.
@Clement-Leopold I'm going to close this PR as it's been addressed (and merged) in #1533.
Issue #1355: Getting invalid token using Spring Boot autoconfigure for the resource server
When I try to use the default RemoteTokenServices to check whether my token is valid in Spring Cloud, it fails.
When I debugged line by line, I found that line 116 in RemoteTokenServices, which checks whether 'active' is true, fails to recognize it when it is true.
So I overrode RemoteTokenServices and changed the line to this, and it succeeded.