Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

HTTP resource auth annotations do not get applied for paths with dot and special chars #1838

Closed
ldclakmal opened this issue Aug 31, 2021 · 0 comments · Fixed by ballerina-platform/module-ballerina-http#611
Closed

HTTP resource auth annotations do not get applied for paths with dot and special chars #1838

ldclakmal opened this issue Aug 31, 2021 · 0 comments · Fixed by ballerina-platform/module-ballerina-http#611
Assignees
@ldclakmal
Labels
Area/Security Issues related to stdlib security module/http Points/0.5 Team/PCM Protocol connector packages related issues Type/Bug
Milestone
Swan Lake Beta3

Comments

@ldclakmal
Copy link
Member

ldclakmal commented Aug 31, 2021
edited
Loading

Description:
HTTP resource auth annotations do not get applied for paths with dot (.) and special chars (ex: $, @).

Steps to reproduce:
The HTTP resources defined in the following example is not secured even-though it is annotated with auth configurations.

import ballerina/http;

http:JwtValidatorConfig config = {
    issuer: "wso2",
    audience: "ballerina",
    signatureConfig: {
        jwksConfig: {
            url: "https://localhost:9445/oauth2/jwks",
            clientConfig: {
                secureSocket: {
                    cert: "./resources/public.crt"
                }
            }
        }
    }
};

service /foo on new http:Listener(9090) {

    @http:ResourceConfig {
        auth: [
            {
                jwtValidatorConfig: config
            }
        ]
    }
    resource function get .() returns string {
        return "Hello, World!";
    }
    
    @http:ResourceConfig {
        auth: [
            {
                jwtValidatorConfig: config
            }
        ]
    }
    resource function get foo\$bar\@() returns string {
        return "Hello, World!";
    }
}
$ curl http://localhost:9090/foo
Hello, World!

$ curl http://localhost:9090/foo/foo%24bar%40
Hello, World!
@ldclakmal ldclakmal added Type/Bug Area/Security Issues related to stdlib security module/http Team/PCM Protocol connector packages related issues labels Aug 31, 2021
@ldclakmal ldclakmal self-assigned this Aug 31, 2021
@ldclakmal ldclakmal mentioned this issue Aug 31, 2021
Merged
3 tasks
@ldclakmal ldclakmal added this to the Swan Lake Beta3 milestone Aug 31, 2021
ldclakmal added a commit to ldclakmal/module-ballerina-jwt that referenced this issue Sep 1, 2021
@ldclakmal
Refactor API with related to ballerina-platform/ballerina-library#1838
7e50503
ldclakmal added a commit to ldclakmal/module-ballerina-jwt that referenced this issue Sep 1, 2021
@ldclakmal
Refactor API with related to ballerina-platform/ballerina-library#1838
b2cc736
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@ldclakmal ldclakmal

Labels
Area/Security Issues related to stdlib security module/http Points/0.5 Team/PCM Protocol connector packages related issues Type/Bug
Projects
None yet
Milestone
Swan Lake Beta3
1 participant
@ldclakmal