vertx-web-openapi: Security scopes can leak across routes

Open ikstewa opened this issue 2 years ago • 0 comments

Version

4.1+

Context

As of Vert.x 4.1, when scopes are defined in a security for a route, it's possible for the required scopes to also be applied to unrelated routes.

This commit for 4.1.0.Beta1 updates the AuthenticationHandlersStore to ensure the returned AuthenticationHandler is configured with the appropriate scopes for the route. However, the implementation is modifying the original list stored in the AuthenticationHandlersStore. This results in subsequent uses of the same security scheme having an AuthenticationHandler with the previously applied scopes.

Do you have a reproducer?

https://github.com/vert-x3/vertx-web/pull/2255

ikstewa, Aug 19 '22 19:08
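The aliasing problem described in the issue, reduced to a self-contained model. This is an added example, not code from the issue, the linked pull request, or Vert.x itself: `Handler`, `Store`, `resolveBuggy`, `resolveFixed`, the `oauth2` scheme name and the `admin:write` scope are all hypothetical stand-ins chosen for illustration.

```java
import java.util.*;

// Simplified model of the aliasing bug; these classes are hypothetical, not Vert.x APIs.
public class ScopeLeakDemo {
    // Stand-in for an authentication handler that enforces a set of required scopes.
    record Handler(String scheme, Set<String> scopes) {
        Handler withScopes(Collection<String> extra) {
            Set<String> merged = new TreeSet<>(scopes);
            merged.addAll(extra);
            return new Handler(scheme, Collections.unmodifiableSet(merged));
        }
    }

    static class Store {
        private final Map<String, List<Handler>> byScheme = new HashMap<>();

        void register(String scheme) {
            byScheme.computeIfAbsent(scheme, k -> new ArrayList<>())
                    .add(new Handler(scheme, Set.of()));
        }

        // Buggy: writes the scoped handler back into the shared, stored list.
        List<Handler> resolveBuggy(String scheme, List<String> scopes) {
            List<Handler> stored = byScheme.get(scheme);
            if (!scopes.isEmpty()) {
                stored.replaceAll(h -> h.withScopes(scopes));
            }
            return stored;
        }

        // Fixed: builds a per-route list and leaves the stored one untouched.
        List<Handler> resolveFixed(String scheme, List<String> scopes) {
            List<Handler> perRoute = new ArrayList<>();
            for (Handler h : byScheme.get(scheme)) {
                perRoute.add(scopes.isEmpty() ? h : h.withScopes(scopes));
            }
            return perRoute;
        }
    }

    public static void main(String[] args) {
        Store buggy = new Store();
        buggy.register("oauth2");
        buggy.resolveBuggy("oauth2", List.of("admin:write"));   // route A requires a scope
        System.out.println("buggy route B: " + buggy.resolveBuggy("oauth2", List.of()));

        Store fixed = new Store();
        fixed.register("oauth2");
        fixed.resolveFixed("oauth2", List.of("admin:write"));   // route A requires a scope
        System.out.println("fixed route B: " + fixed.resolveFixed("oauth2", List.of()));
    }
}
```

In the buggy store, route B declares no scopes but still receives a handler carrying route A's scope, so the outcome depends on the order in which routes are resolved. A regression test for this class of bug should resolve at least two routes that share one security scheme and assert on the scopes of each.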