Home Explore Help
Sign In
lqb
/
elasticsearch
mirror of https://gitee.com/mirrors/elasticsearch.git
1
0
Fork 0
Files Issues 0 Wiki
Browse Source

Fail gracefully on invalid token strings (#51014)

When we receive a request with an Authorization header that contains
a Bearer token that is not generated by us or that is malformed in
some way, attempting to decode it as one of our own might cause a
number of exceptions that are not IOExceptions. This commit ensures
that we catch and log these too and call onResponse with `null, so
that we can return 401 instead of 500.

Resolves: #50497
Ioannis Kakavas 5 years ago
parent
15a9fcd5eb
commit
b02119c423
1 changed files with 1 additions and 1 deletions
Split View Show Diff Stats
  1. 1 1
      x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/authc/TokenService.java

+ 1 - 1
x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/authc/TokenService.java
View File 

@@ -526,7 +526,7 @@ public final class TokenService {
 
                     listener.onResponse(null);
 
                 }
 
             }
 
-        } catch (IOException e) {
 
+        } catch (Exception e) {
 
             // could happen with a token that is not ours
 
             if (logger.isDebugEnabled()) {
 
                logger.debug("built in token service unable to decode token", e);