CAS Server: CAS-1335

Disallow and reject empty service registry configurations

    Details

    • Type: Security Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 3.5.2
    • Fix Version/s: 4.0
    • Component/s: Authentication
    • Labels:
      None

      Description

      The DefaultServicesManagerImpl returns an instance of RegisteredServiceImpl that is friendly to all, when no service definitions are specified and the consumed list is empty.

      if (c.isEmpty()) {
          return this.disabledRegisteredService;
      }
      

      Disallows this behavior and locks down the service registry configuration to at least one definition. Authentication should fail when no services are defined, when this feature is activated.
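
      The fail-open lookup described above, next to a fail-closed variant, as an added example that is not part of the original issue or the CAS code base. The class, record and method names are hypothetical, the URLs are constructed samples, and throwing on an empty registry is one assumed way to enforce "at least one definition".

```java
import java.util.List;
import java.util.Optional;

// Hypothetical, simplified model of a service registry lookup; not the CAS classes.
public class ServiceRegistryDemo {
    record Service(String name, String urlPrefix, boolean enabled) {
        boolean matches(String url) { return url.startsWith(urlPrefix); }
    }

    // Fail-open: an empty registry yields a catch-all service, so every
    // requesting URL is treated as registered and enabled.
    static Optional<Service> findFailOpen(List<Service> registry, String url) {
        if (registry.isEmpty()) {
            return Optional.of(new Service("allow-all", "", true));
        }
        return registry.stream().filter(s -> s.matches(url)).findFirst();
    }

    // Fail-closed: an empty registry is a configuration error, and a URL
    // that matches no enabled definition is not authorized.
    static Optional<Service> findFailClosed(List<Service> registry, String url) {
        if (registry.isEmpty()) {
            throw new IllegalStateException("service registry has no definitions");
        }
        return registry.stream().filter(s -> s.matches(url) && s.enabled()).findFirst();
    }

    public static void main(String[] args) {
        String url = "https://unregistered.example.org/app"; // constructed sample
        List<Service> empty = List.of();
        List<Service> one = List.of(new Service("portal", "https://portal.example.org/", true));

        System.out.println("fail-open, empty registry: " + findFailOpen(empty, url).isPresent());
        try {
            findFailClosed(empty, url);
        } catch (IllegalStateException e) {
            System.out.println("fail-closed, empty registry: rejected (" + e.getMessage() + ")");
        }
        System.out.println("fail-closed, one definition: " + findFailClosed(one, url).isPresent());
    }
}
```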

            People

            • Assignee: Misagh Moayyed (mmoayyed)
            • Reporter: Misagh Moayyed (mmoayyed)