KNOX-2455 - Upgrade Shiro to 1.6.0 #378

Merged 2 commits on Sep 24, 2020


moresandeep
Contributor

What changes were proposed in this pull request?

This PR upgrades the Shiro library to 1.6.0. Shiro 1.6.0 introduces some drastic changes in response to a security issue (see Global Filters). These changes will break some of the proxying services that include `;` or `\` in the URL. `;` is most commonly used for jsessionid, so that will likely introduce some breakage. We try to mitigate this breakage by turning off blocking of `;`, `\` and non-ASCII characters by setting the following properties to false out of the box.

  1. invalidRequest.blockBackslash = false
  2. invalidRequest.blockSemicolon = false
  3. invalidRequest.blockNonAscii = false

These properties can be set to true in the Knox topology (by adding a Shiro provider param section).
This PR also adds unit tests to test these changes.

How was this patch tested?

This patch was tested locally.
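
As an added illustration (not part of this pull request and not Knox or Shiro code), the sketch below models the three checks so that request paths from a gateway log can be screened before any of the properties is set to true. It assumes only the URL path is inspected, that encoded `%3b`/`%5c` count as the raw character, and that non-ASCII means anything outside printable ASCII; the function names and sample URLs are constructed.

```python
from urllib.parse import urlsplit

# Simplified model of the three properties named in the PR description.
# Assumptions (not Shiro's code): percent-encoded forms are treated like the
# raw character, and "non-ASCII" means outside printable ASCII (0x20-0x7e).
CHECKS = {
    "blockSemicolon": lambda p: ";" in p or "%3b" in p.lower(),
    "blockBackslash": lambda p: "\\" in p or "%5c" in p.lower(),
    "blockNonAscii": lambda p: any(not (0x20 <= ord(c) <= 0x7E) for c in p),
}


def flags_triggered(url):
    """Return the sorted property names that would reject this URL's path."""
    # urlsplit keeps ";params" inside the path and drops the query string,
    # so a ";" that only appears in the query is not counted.
    path = urlsplit(url).path
    return sorted(name for name, hit in CHECKS.items() if hit(path))


def audit(urls):
    """Map each property to the URLs that enabling it would start rejecting."""
    report = {name: [] for name in CHECKS}
    for url in urls:
        for name in flags_triggered(url):
            report[name].append(url)
    return report


# Constructed sample request URLs (not taken from a real gateway log).
SAMPLE_URLS = [
    "/gateway/sandbox/webhdfs/v1/tmp?op=LISTSTATUS",
    "/gateway/sandbox/app/login;jsessionid=ABC123",
    "/gateway/sandbox/app/dir%5Cfile",
    "/gateway/sandbox/app/files/r\u00e9sum\u00e9.txt",
    "/gateway/sandbox/app/a%3Bb",
]

if __name__ == "__main__":
    for flag, hits in audit(SAMPLE_URLS).items():
        print(f"{flag}: {len(hits)} request(s) would be rejected")
        for u in hits:
            print("   ", u)
```

A proxied service whose URLs show up under a property in this report is one that would break if that property were switched to true in the topology.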
