Repository: cxf Updated Branches: refs/heads/3.1.x-fixes 2741e4a4d -> 3d1e4197c
Fixing JoseSessionTokenProvider, with thanks to Romain Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/3d1e4197 Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/3d1e4197 Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/3d1e4197 Branch: refs/heads/3.1.x-fixes Commit: 3d1e4197cc73ef8d16b6b21a48fc5f1ceecaeb14 Parents: 2741e4a Author: Sergey Beryozkin <sberyoz...@gmail.com> Authored: Mon Jan 16 11:14:27 2017 +0000 Committer: Sergey Beryozkin <sberyoz...@gmail.com> Committed: Mon Jan 16 11:15:49 2017 +0000 ---------------------------------------------------------------------- .../cxf/rs/security/oauth2/provider/JoseSessionTokenProvider.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/cxf/blob/3d1e4197/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/JoseSessionTokenProvider.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/JoseSessionTokenProvider.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/JoseSessionTokenProvider.java index edd14a6..5901652 100644 --- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/JoseSessionTokenProvider.java +++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/JoseSessionTokenProvider.java @@ -124,7 +124,7 @@ public class JoseSessionTokenProvider implements SessionAuthenticityTokenProvide String stateString = jwe.decrypt(sessionToken).getContentText(); JwsSignatureVerifier jws = getInitializedSigVerifier(); if (jws != null) { - stateString = JwsUtils.verify(jws, stateString).getUnsignedEncodedSequence(); + stateString = JwsUtils.verify(jws, stateString).getDecodedJwsPayload(); } return stateString; }