search

WrenSecurity / wrenam

Community fork of OpenAM, an authentication and authorization system originally developed by ForgeRock.
Other
43 stars 27 forks source link

Policy engine is not able to match URL resource with multiple question marks #44

Open pavelhoral opened 5 years ago

pavelhoral commented 5 years ago

Based on gitter question:

URL based policy for *://*:*/*?* is not able to match queries containing question mark (e.g. http://example.com/foo?bar?baz), which are a valid URL.

I was able to debug policy evaluation up to SimpleReferenceTree#searchTree which is responsible for resource pattern matching. However as I am not that familiar with policy / privilege internals, I am not able to provide an easy solution or workaround (maybe such behaviour is expected?). This needs a little bit more attention than I am able to give right now.

pavelhoral commented 5 years ago

Might have the same cause as https://bugster.forgerock.org/jira/browse/OPENAM-11673 .