Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Type cast error in sample code at JWT token section #1200

Closed
jp3pe opened this issue Dec 28, 2021 · 4 comments
Closed

Type cast error in sample code at JWT token section #1200

jp3pe opened this issue Dec 28, 2021 · 4 comments
Labels
waiting for release Issue is fix, waiting on new release
Milestone
2023.0

Comments

@jp3pe
Copy link

jp3pe commented Dec 28, 2021

Test environment

java: zulu-17
Build: Gradle
Added dependencies: (io.jsonwebtoken:jjwt:0.9.1', javax.xml.bind:jaxb-api:2.3.1)

Location

JWT tokens section-7th problem-second sample code
/WebGoat/start.mvc#lesson/JWT.lesson/6

Issue

At the second sample code on the page, the code convert claims.get("admin") to (String).
I ran the code and it return the error class java.lang.Boolean cannot be cast to class java.lang.String

Solution

Change Boolean.valueOf((String) claims.get("admin")) to Boolean.valueOf(String.valueOf(claims.get("admin")))

PS

I'm not good at Java and Web security.
If the issue was occurred by a different JVM version or my misunderstanding, please ignore it.
@github-actions
Copy link

Thanks for submitting your first issue, we will have a look as quickly as possible.

@nbaars
Copy link
Collaborator

nbaars commented Jan 11, 2022

@jp3pe the code is also part of the Java code in JWTVotesEndpoint we use:

Jwt jwt = Jwts.parser().setSigningKey(JWT_PASSWORD).parse(accessToken);
Claims claims = (Claims) jwt.getBody();
boolean isAdmin = Boolean.valueOf((String) claims.get("admin"));

can you share your code?

@nbaars
Copy link
Collaborator

nbaars commented Jan 2, 2023

Looking at the issue again, the issue is:

{
  "admin": true
}

updated the code accordingly. @jp3pe thanks for raising this issue.

@nbaars nbaars added waiting for release Issue is fix, waiting on new release and removed waiting for input labels Jan 2, 2023
@nbaars nbaars added this to the 8.2.3 milestone Jan 2, 2023
@nbaars
Copy link
Collaborator

nbaars commented Jan 6, 2023

Closing as we released 2023.3

@nbaars nbaars closed this as completed Jan 6, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
waiting for release Issue is fix, waiting on new release
Projects
None yet
Milestone
2023.0
Development

No branches or pull requests
2 participants
@nbaars @jp3pe