diff --git a/adapters/oidc/adapter-core/src/main/java/org/keycloak/adapters/authorization/AbstractPolicyEnforcer.java b/adapters/oidc/adapter-core/src/main/java/org/keycloak/adapters/authorization/AbstractPolicyEnforcer.java index 1673aa6034..18a93a7410 100644 --- a/adapters/oidc/adapter-core/src/main/java/org/keycloak/adapters/authorization/AbstractPolicyEnforcer.java +++ b/adapters/oidc/adapter-core/src/main/java/org/keycloak/adapters/authorization/AbstractPolicyEnforcer.java @@ -253,8 +253,7 @@ public abstract class AbstractPolicyEnforcer { } private String getPath(Request request) { - String pathInfo = URI.create(request.getURI()).getPath().substring(1); - return pathInfo.substring(pathInfo.indexOf('/'), pathInfo.length()); + return request.getRelativePath(); } private Set getRequiredScopes(PathConfig pathConfig, Request request) { diff --git a/adapters/oidc/jaxrs-oauth-client/src/main/java/org/keycloak/jaxrs/JaxrsHttpFacade.java b/adapters/oidc/jaxrs-oauth-client/src/main/java/org/keycloak/jaxrs/JaxrsHttpFacade.java index 82ecc0b308..1a0eb9c874 100755 --- a/adapters/oidc/jaxrs-oauth-client/src/main/java/org/keycloak/jaxrs/JaxrsHttpFacade.java +++ b/adapters/oidc/jaxrs-oauth-client/src/main/java/org/keycloak/jaxrs/JaxrsHttpFacade.java @@ -66,6 +66,11 @@ public class JaxrsHttpFacade implements OIDCHttpFacade { return requestContext.getUriInfo().getRequestUri().toString(); } + @Override + public String getRelativePath() { + return requestContext.getUriInfo().getPath(); + } + @Override public boolean isSecure() { return securityContext.isSecure(); diff --git a/adapters/oidc/servlet-oauth-client/src/main/java/org/keycloak/servlet/ServletOAuthClient.java b/adapters/oidc/servlet-oauth-client/src/main/java/org/keycloak/servlet/ServletOAuthClient.java index 966006204e..9e4fa0ad8f 100755 --- a/adapters/oidc/servlet-oauth-client/src/main/java/org/keycloak/servlet/ServletOAuthClient.java +++ b/adapters/oidc/servlet-oauth-client/src/main/java/org/keycloak/servlet/ServletOAuthClient.java @@ -218,6 +218,11 @@ public class ServletOAuthClient extends KeycloakDeploymentDelegateOAuthClient { return servletRequest.getRequestURL().toString(); } + @Override + public String getRelativePath() { + return servletRequest.getServletPath(); + } + @Override public boolean isSecure() { return servletRequest.isSecure(); diff --git a/adapters/oidc/spring-security/src/main/java/org/keycloak/adapters/springsecurity/facade/WrappedHttpServletRequest.java b/adapters/oidc/spring-security/src/main/java/org/keycloak/adapters/springsecurity/facade/WrappedHttpServletRequest.java index e0cfd69fde..848ca459f7 100755 --- a/adapters/oidc/spring-security/src/main/java/org/keycloak/adapters/springsecurity/facade/WrappedHttpServletRequest.java +++ b/adapters/oidc/spring-security/src/main/java/org/keycloak/adapters/springsecurity/facade/WrappedHttpServletRequest.java @@ -70,6 +70,11 @@ class WrappedHttpServletRequest implements Request { return buf.toString(); } + @Override + public String getRelativePath() { + return request.getServletPath(); + } + @Override public boolean isSecure() { return request.isSecure(); diff --git a/adapters/spi/adapter-spi/src/main/java/org/keycloak/adapters/spi/HttpFacade.java b/adapters/spi/adapter-spi/src/main/java/org/keycloak/adapters/spi/HttpFacade.java index a01182407f..24292868f4 100755 --- a/adapters/spi/adapter-spi/src/main/java/org/keycloak/adapters/spi/HttpFacade.java +++ b/adapters/spi/adapter-spi/src/main/java/org/keycloak/adapters/spi/HttpFacade.java @@ -43,6 +43,13 @@ public interface HttpFacade { */ String getURI(); + /** + * Get the request relative path. + * + * @return the request relative path + */ + String getRelativePath(); + /** * HTTPS? * diff --git a/adapters/spi/jetty-adapter-spi/src/main/java/org/keycloak/adapters/jetty/spi/JettyHttpFacade.java b/adapters/spi/jetty-adapter-spi/src/main/java/org/keycloak/adapters/jetty/spi/JettyHttpFacade.java index 2fc525e5dd..dac79736dc 100755 --- a/adapters/spi/jetty-adapter-spi/src/main/java/org/keycloak/adapters/jetty/spi/JettyHttpFacade.java +++ b/adapters/spi/jetty-adapter-spi/src/main/java/org/keycloak/adapters/jetty/spi/JettyHttpFacade.java @@ -78,6 +78,11 @@ public class JettyHttpFacade implements HttpFacade { return buf.toString(); } + @Override + public String getRelativePath() { + return request.getServletPath(); + } + @Override public String getFirstParam(String param) { return request.getParameter(param); diff --git a/adapters/spi/servlet-adapter-spi/src/main/java/org/keycloak/adapters/servlet/ServletHttpFacade.java b/adapters/spi/servlet-adapter-spi/src/main/java/org/keycloak/adapters/servlet/ServletHttpFacade.java index 43349ab641..6d99560bfa 100755 --- a/adapters/spi/servlet-adapter-spi/src/main/java/org/keycloak/adapters/servlet/ServletHttpFacade.java +++ b/adapters/spi/servlet-adapter-spi/src/main/java/org/keycloak/adapters/servlet/ServletHttpFacade.java @@ -65,6 +65,11 @@ public class ServletHttpFacade implements HttpFacade { return buf.toString(); } + @Override + public String getRelativePath() { + return request.getServletPath(); + } + @Override public boolean isSecure() { return request.isSecure(); diff --git a/adapters/spi/tomcat-adapter-spi/src/main/java/org/keycloak/adapters/tomcat/CatalinaHttpFacade.java b/adapters/spi/tomcat-adapter-spi/src/main/java/org/keycloak/adapters/tomcat/CatalinaHttpFacade.java index 315635deb5..c472564914 100755 --- a/adapters/spi/tomcat-adapter-spi/src/main/java/org/keycloak/adapters/tomcat/CatalinaHttpFacade.java +++ b/adapters/spi/tomcat-adapter-spi/src/main/java/org/keycloak/adapters/tomcat/CatalinaHttpFacade.java @@ -78,6 +78,11 @@ public class CatalinaHttpFacade implements HttpFacade { return buf.toString(); } + @Override + public String getRelativePath() { + return request.getServletPath(); + } + @Override public boolean isSecure() { return request.isSecure(); diff --git a/adapters/spi/undertow-adapter-spi/src/main/java/org/keycloak/adapters/undertow/UndertowHttpFacade.java b/adapters/spi/undertow-adapter-spi/src/main/java/org/keycloak/adapters/undertow/UndertowHttpFacade.java index a14e0b79ce..21102f1224 100755 --- a/adapters/spi/undertow-adapter-spi/src/main/java/org/keycloak/adapters/undertow/UndertowHttpFacade.java +++ b/adapters/spi/undertow-adapter-spi/src/main/java/org/keycloak/adapters/undertow/UndertowHttpFacade.java @@ -83,6 +83,11 @@ public class UndertowHttpFacade implements HttpFacade { return uriBuilder.build().toString(); } + @Override + public String getRelativePath() { + return exchange.getRelativePath(); + } + @Override public boolean isSecure() { String protocol = exchange.getRequestScheme(); diff --git a/examples/demo-template/offline-access-app/src/main/java/org/keycloak/example/OfflineAccessPortalServlet.java b/examples/demo-template/offline-access-app/src/main/java/org/keycloak/example/OfflineAccessPortalServlet.java index 3783c1248c..cd912d7c1a 100755 --- a/examples/demo-template/offline-access-app/src/main/java/org/keycloak/example/OfflineAccessPortalServlet.java +++ b/examples/demo-template/offline-access-app/src/main/java/org/keycloak/example/OfflineAccessPortalServlet.java @@ -181,6 +181,11 @@ public class OfflineAccessPortalServlet extends HttpServlet { return servletRequest.getRequestURL().toString(); } + @Override + public String getRelativePath() { + return servletRequest.getServletPath(); + } + @Override public boolean isSecure() { return servletRequest.isSecure();