Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[BUG] DefaultContextResolver is not using defaultRealm value from the PolarisApplicationConfig #281

Open
1 task done
almazgalievisl opened this issue Sep 11, 2024 · 1 comment · May be fixed by #309
Open
1 task done

[BUG] DefaultContextResolver is not using defaultRealm value from the PolarisApplicationConfig #281

almazgalievisl opened this issue Sep 11, 2024 · 1 comment · May be fixed by #309
Labels
bug Something isn't working

Comments

@almazgalievisl
Copy link

Is this a possible security vulnerability?

  • This is NOT a possible security vulnerability

Describe the bug

PolarisApplicationConfig defines defaultRealm and allows overriding it trough configuration file. DefaultContextResolver ignores a value from the configuration.

To Reproduce

  1. Setup an eclipse link with a database name which is different from default-realm
  2. Set defaultRealm in the configuration yaml file
  3. Try to connect to get the token without setting realm explicitly in the request's headers
  4. Polaris returns an error:
FATAL: database 'default-realm' does not exist

Actual Behavior

Configuration setting is not a source of truth for the all components

Expected Behavior

Configuration setting defines a default value for the all components

Additional context

No response

System information

No response
@almazgalievisl almazgalievisl added the bug Something isn't working label Sep 11, 2024
@loicalleyne
Copy link

I came across the same issue, but since this error is thrown when the realm is incorrect or the bearer token is missing perhaps it could also indicate an attempt at unauthorized access. Either way the message returned could be clearer.

@eric-maynard eric-maynard linked a pull request Sep 19, 2024 that will close this issue
Open
9 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

DefaultContextResolver should respect the defaultRealm configuration eric-maynard/polaris
2 participants
@loicalleyne @almazgalievisl