JWSObject: <crit> section extended headers are negatively verified
Issue #66
resolved
Hi,
JWS:
I can see that the <crit> parameter is being supported (Issue #43), but the verification method defined in the class JWSObject - ensureJWSVerifierAcceptance() - doesn't take into consideration header extensions defined in this section and, as a result, a JOSEException("One or more header parameters not accepted by the JWS verifier") exception is being thrown.
Comments (3)
Hi,
The default behaviour of the JWS verifiers is to reject JWS objects with non-standard header parameters. This is controlled by the HeaderFilter interface.
To allow non-standard headers to pass through you can do the following:
    JWSVerifier verifier = new MACVerifier();

    Set<String> acceptedParams = new HashSet<String>();

    // Add all std params
    acceptedParams.addAll(JWSHeader.getReservedParameterNames());

    // Add custom 'x_param'
    acceptedParams.add("x_param");

    verifier.getJWSHeaderFilter().setAcceptedParameters(acceptedParams);
Please, let me know if this solves your issue.
I will see that we improve the docs regarding header params filtering.
- changed status to resolved
Thank you for reporting this issue, I will look at the code.
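The accepted-parameter allow-list from the reply above, combined with the `crit` rules of RFC 7515 section 4.1.11, as an added example that is not part of the original thread or of the Nimbus JOSE+JWT code base. `CritHeaderCheck` and `reject` are hypothetical names, the header is assumed to be already parsed into a map, and Java 9 or later is assumed.

```java
import java.util.List;
import java.util.Map;
import java.util.Set;

// Added illustration, not Nimbus JOSE+JWT code. CritHeaderCheck and reject()
// are hypothetical names; the header is an already-parsed JSON object.
public class CritHeaderCheck {

    // Header parameter names defined for JWS in RFC 7515, section 4.1.
    static final Set<String> STANDARD = Set.of("alg", "jku", "jwk", "kid",
            "x5u", "x5c", "x5t", "x5t#S256", "typ", "cty", "crit");

    /** Returns null when the header is acceptable, otherwise the rejection reason. */
    static String reject(Map<String, Object> header, Set<String> understoodExtensions) {
        // Allow-list: standard names plus the extensions this application handles.
        for (String name : header.keySet()) {
            if (!STANDARD.contains(name) && !understoodExtensions.contains(name)) {
                return "header parameter not accepted: " + name;
            }
        }
        if (!header.containsKey("crit")) {
            return null;
        }
        Object crit = header.get("crit");
        if (!(crit instanceof List) || ((List<?>) crit).isEmpty()) {
            return "crit must be a non-empty array";
        }
        for (Object entry : (List<?>) crit) {
            if (!(entry instanceof String)) return "crit entries must be strings";
            String name = (String) entry;
            if (STANDARD.contains(name)) return "crit lists a standard parameter: " + name;
            if (!header.containsKey(name)) return "crit lists an absent parameter: " + name;
            // A listed name that is present and non-standard already passed the
            // allow-list above, so it is an extension the application understands.
        }
        return null;
    }

    public static void main(String[] args) {
        Set<String> understood = Set.of("x_param"); // extension name from the thread
        // Constructed sample headers.
        Map<String, Object> ok = Map.of("alg", "HS256", "crit", List.of("x_param"), "x_param", true);
        Map<String, Object> unknown = Map.of("alg", "HS256", "crit", List.of("exp"), "exp", 1363284000);
        Map<String, Object> empty = Map.of("alg", "HS256", "crit", List.of());
        System.out.println(reject(ok, understood));
        System.out.println(reject(unknown, understood));
        System.out.println(reject(empty, understood));
    }
}
```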