Merge pull request #812 from stianst/master

Fixes
2014-10-29 14:21:18 +01:00 · 2014-10-29 14:21:18 +01:00 · 03b8aa1fc2
commit 03b8aa1fc2
parent fb5482a725 05b6dc7af4
3 changed files with 59 additions and 12 deletions
--- a/core/src/main/java/org/keycloak/util/UriUtils.java
+++ b/core/src/main/java/org/keycloak/util/UriUtils.java
@ -8,7 +8,7 @@ import java.util.regex.Pattern;
 */
 public class UriUtils {

-    private static final Pattern originPattern = Pattern.compile("(http://|https://)[\\w]+(\\.[\\w]+)*(:[\\d]{2,5})?");
+    private static final Pattern originPattern = Pattern.compile("(http://|https://)[\\w-]+(\\.[\\w-]+)*(:[\\d]{2,5})?");

    public static String getOrigin(URI uri) {
        return getOrigin(uri.toString());
--- a/core/src/test/java/org/keycloak/util/UriUtilsTest.java
+++ b/core/src/test/java/org/keycloak/util/UriUtilsTest.java
@ -24,6 +24,8 @@ public class UriUtilsTest {
        assertValid("http://192.168.123.123");
        assertValid("https://192.168.123.123");
        assertValid("https://192.168.123.123:8080");
+        assertValid("https://sub-sub.test.com");
+        assertValid("https://sub.test-test.com");

        assertInvalid("https://test/");
        assertInvalid("{");
--- a/docbook/reference/en/en-US/modules/server-installation.xml
+++ b/docbook/reference/en/en-US/modules/server-installation.xml
@ -625,29 +625,74 @@ keycloak-war-dist-all-&project.version;/
                    <literal>X-Forwarded-Proto</literal> headers on the requests made to Keycloak. Next you need to enable
                    <literal>proxy-address-forwarding</literal> on the Keycloak http connector. Assuming that your reverse
                    proxy doesn't use port 8443 for SSL you also need to configure what port http traffic is redirected to.
-                    This is done by editing <literal>standalone/configuration/standalone.xml</literal>.
                </para>
-                First add <literal>proxy-address-forwarding</literal> and <literal>redirect-socket</literal> to the <literal>http-listener</literal>
-                element:
-                <para>
+
+                <section>
+                    <title>WildFly</title>
+
+                    <para>
+                        Open <literal>standalone/configuration/standalone.xml</literal> in your favorite editor.
+                    </para>
+
+                    <para>
+                        First add <literal>proxy-address-forwarding</literal> and <literal>redirect-socket</literal> to
+                        the <literal>http-listener</literal> element:
 <programlisting><![CDATA[<subsystem xmlns="urn:jboss:domain:undertow:1.1">
    ...
-    <http-listener name="default" socket-binding="http" proxy-address-forwarding="true" redirect-socket="proxy-https"/>
+    <http-listener name="default" socket-binding="http"
+        proxy-address-forwarding="true" redirect-socket="proxy-https"/>
    ...
 </subsystem>
 ]]></programlisting>
-                Then add a new <literal>socket-binding</literal> element to the <literal>socket-binding-group</literal> element:
+                    </para>
+                    <para>
+                        Then add a new <literal>socket-binding</literal> element to the <literal>socket-binding-group</literal> element:
 <programlisting><![CDATA[
-<socket-binding-group name="standard-sockets" default-interface="public" port-offset="${jboss.socket.binding.port-offset:0}">
+<socket-binding-group name="standard-sockets" default-interface="public"
+    port-offset="${jboss.socket.binding.port-offset:0}">
    ...
    <socket-binding name="proxy-https" port="443"/>
    ...
 </socket-binding-group>
 ]]></programlisting>
-                </para>
-                <para>
-                    Check the <ulink url="https://docs.jboss.org/author/display/WFLY8/Undertow+(web)+subsystem+configuration">WildFly</ulink> documentation for more information.
-                </para>
+                    </para>
+                    <para>
+                        Check the <ulink url="https://docs.jboss.org/author/display/WFLY8/Undertow+(web)+subsystem+configuration">WildFly</ulink> documentation for more information.
+                    </para>
+                </section>
+
+                <section>
+                    <title>AS7/EAP</title>
+
+                    <para>
+                        Open <literal>standalone/configuration/standalone.xml</literal> in your favorite editor.
+                    </para>
+
+                    <para>
+                        You need to add <literal>redirect-port</literal> to http <literal>connector</literal> element and
+                        add the <literal>RemoteIpValve</literal> valve:
+<programlisting><![CDATA[
+<subsystem xmlns="urn:jboss:domain:web:1.5"
+    default-virtual-server="default-host" native="false">
+    <connector name="http" protocol="HTTP/1.1" scheme="http"
+        socket-binding="http"
+        redirect-port="443"/>
+    <virtual-server name="default-host" enable-welcome-root="true">
+        <alias name="localhost"/>
+        <alias name="example.com"/>
+    </virtual-server>
+    <valve name="remoteipvalve" module="org.jboss.as.web"
+        class-name="org.apache.catalina.valves.RemoteIpValve">
+        <param param-name="protocolHeader" param-value="x-forwarded-proto"/>
+    </valve>
+</subsystem>
+]]></programlisting>
+                    </para>
+
+
+
+                </section>
+
            </section>

            <section>