This is an automated email from the ASF dual-hosted git repository.

chibenwa pushed a commit to branch 3.8.x
in repository https://gitbox.apache.org/repos/asf/james-project.git

commit c8f079a0bda130eb9409c5ac3629a04a2f96ac3b
Author: Benoit TELLIER <[email protected]>
AuthorDate: Mon Jan 19 16:53:50 2026 +0100

    [ENHANCEMENT] Relax Introspect requirement
---
 .../distributed-app/docs/modules/ROOT/pages/configure/imap.adoc  | 2 --
 .../distributed-app/docs/modules/ROOT/pages/configure/smtp.adoc  | 2 --
 .../main/java/org/apache/james/jwt/OidcSASLConfiguration.java    | 9 +--------
 server/protocols/protocols-imap4/pom.xml                         | 2 +-
 server/protocols/protocols-lmtp/pom.xml                          | 2 +-
 server/protocols/protocols-smtp/pom.xml                          | 2 +-
 6 files changed, 4 insertions(+), 15 deletions(-)

diff --git 
a/server/apps/distributed-app/docs/modules/ROOT/pages/configure/imap.adoc 
b/server/apps/distributed-app/docs/modules/ROOT/pages/configure/imap.adoc
index bb1da25807..d98fc3648c 100644
--- a/server/apps/distributed-app/docs/modules/ROOT/pages/configure/imap.adoc
+++ b/server/apps/distributed-app/docs/modules/ROOT/pages/configure/imap.adoc
@@ -71,9 +71,7 @@ Compulsory but can be relaxed with 
`-Djames.sasl.oidc.validate.aud=false`
 
 | auth.oidc.introspection.url
 | Optional. An OAuth introspection token URL will be called to validate the 
token (RF: RFC7662).
-Required to harden access token validation, but can be relaxed with 
`-Djames.sasl.oidc.force.introspect=false`
 Note that James always verifies the signature of the token even whether this 
configuration is provided or not.
-This endpoint is expected to return `aud`.
 
 | auth.oidc.introspection.auth
 | Optional. Provide Authorization in header request when introspecting token.
diff --git 
a/server/apps/distributed-app/docs/modules/ROOT/pages/configure/smtp.adoc 
b/server/apps/distributed-app/docs/modules/ROOT/pages/configure/smtp.adoc
index 0b648b054a..ed3afb6e20 100644
--- a/server/apps/distributed-app/docs/modules/ROOT/pages/configure/smtp.adoc
+++ b/server/apps/distributed-app/docs/modules/ROOT/pages/configure/smtp.adoc
@@ -115,9 +115,7 @@ Compulsory but can be relaxed with 
`-Djames.sasl.oidc.validate.aud=false`
 
 | auth.oidc.introspection.url
 | Optional. An OAuth introspection token URL will be called to validate the 
token (RF: RFC7662).
-Required to harden access token validation, but can be relaxed with 
`-Djames.sasl.oidc.force.introspect=false`
 Note that James always verifies the signature of the token even whether this 
configuration is provided or not.
-This endpoint is expected to return `aud`.
 
 | auth.oidc.introspection.auth
 | Optional. Provide Authorization in header request when introspecting token.
diff --git 
a/server/protocols/jwt/src/main/java/org/apache/james/jwt/OidcSASLConfiguration.java
 
b/server/protocols/jwt/src/main/java/org/apache/james/jwt/OidcSASLConfiguration.java
index 4a0db876cd..8f17de4bbb 100644
--- 
a/server/protocols/jwt/src/main/java/org/apache/james/jwt/OidcSASLConfiguration.java
+++ 
b/server/protocols/jwt/src/main/java/org/apache/james/jwt/OidcSASLConfiguration.java
@@ -136,14 +136,7 @@ public class OidcSASLConfiguration {
         String introspectionUrl = configuration.getString("introspection.url", 
null);
         String userInfoUrl = configuration.getString("userinfo.url", null);
         String aud = configuration.getString("aud", null);
-
-        if (introspectionUrl == null) {
-            if (FORCE_INTROSPECT) {
-                throw new IllegalArgumentException("'introspection.url' is 
mandatory for secure set up. Disable this check with 
-Djames.sasl.oidc.force.introspect=false.");
-            } else {
-                LOGGER.warn("'introspection.url' is mandatory for secure set 
up. This check was disabled with -Djames.sasl.oidc.force.introspect=false.");
-            }
-        }
+        
         if (aud == null) {
             if (VALIDATE_AUD) {
                 throw new IllegalArgumentException("'aud' is mandatory for 
secure set up. Disable this check with -Djames.sasl.oidc.validate.aud=false.");
diff --git a/server/protocols/protocols-imap4/pom.xml 
b/server/protocols/protocols-imap4/pom.xml
index 69ea06b187..06dfb8c69d 100644
--- a/server/protocols/protocols-imap4/pom.xml
+++ b/server/protocols/protocols-imap4/pom.xml
@@ -192,7 +192,7 @@
                     </systemPropertyVariables>
                     <argLine>-Djava.library.path=
                         
-javaagent:"${settings.localRepository}"/org/jacoco/org.jacoco.agent/${jacoco-maven-plugin.version}/org.jacoco.agent-${jacoco-maven-plugin.version}-runtime.jar=destfile=${basedir}/target/jacoco.exec
-                        -Xms512m -Xmx1024m 
-Djames.sasl.oidc.force.introspect=false 
-Djames.sasl.oidc.validate.aud=false</argLine>
+                        -Xms1024m -Xmx2048m 
-Djames.sasl.oidc.validate.aud=false</argLine>
                     <reuseForks>true</reuseForks>
                     <!-- Fail tests longer than 20 minutes, prevent form 
random locking tests -->
                     
<forkedProcessTimeoutInSeconds>1200</forkedProcessTimeoutInSeconds>
diff --git a/server/protocols/protocols-lmtp/pom.xml 
b/server/protocols/protocols-lmtp/pom.xml
index 0368fa6302..e1ffab357e 100644
--- a/server/protocols/protocols-lmtp/pom.xml
+++ b/server/protocols/protocols-lmtp/pom.xml
@@ -190,7 +190,7 @@
                     </systemPropertyVariables>
                     <argLine>-Djava.library.path=
                         
-javaagent:"${settings.localRepository}"/org/jacoco/org.jacoco.agent/${jacoco-maven-plugin.version}/org.jacoco.agent-${jacoco-maven-plugin.version}-runtime.jar=destfile=${basedir}/target/jacoco.exec
-                        -Xms512m -Xmx1024m 
-Djames.sasl.oidc.force.introspect=false 
-Djames.sasl.oidc.validate.aud=false</argLine>
+                        -Xms512m -Xmx1024m 
-Djames.sasl.oidc.validate.aud=false</argLine>
                     <reuseForks>true</reuseForks>
                     <!-- Fail tests longer than 20 minutes, prevent form 
random locking tests -->
                     
<forkedProcessTimeoutInSeconds>1200</forkedProcessTimeoutInSeconds>
diff --git a/server/protocols/protocols-smtp/pom.xml 
b/server/protocols/protocols-smtp/pom.xml
index 2c6f13f3e7..8721d252a9 100644
--- a/server/protocols/protocols-smtp/pom.xml
+++ b/server/protocols/protocols-smtp/pom.xml
@@ -226,7 +226,7 @@
                     </systemPropertyVariables>
                     <argLine>-Djava.library.path=
                         
-javaagent:"${settings.localRepository}"/org/jacoco/org.jacoco.agent/${jacoco-maven-plugin.version}/org.jacoco.agent-${jacoco-maven-plugin.version}-runtime.jar=destfile=${basedir}/target/jacoco.exec
-                        -Xms512m -Xmx1024m 
-Djames.sasl.oidc.force.introspect=false 
-Djames.sasl.oidc.validate.aud=false</argLine>
+                        -Xms512m -Xmx1024m 
-Djames.sasl.oidc.validate.aud=false</argLine>
                     <reuseForks>true</reuseForks>
                     <!-- Fail tests longer than 20 minutes, prevent form 
random locking tests -->
                     
<forkedProcessTimeoutInSeconds>1200</forkedProcessTimeoutInSeconds>


---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to