[KEYCLOAK-12612][KEYCLOAK-12944] Fix validation of SAML destination URLs

- no longer compare them to the server absolutePath; instead use the base URI to build the validation URL
Stefan Guilhen 2020-02-14 15:51:19 -03:00 committed by Stian Thorgersen
parent f45f882f0c
commit 3fa8a5aa88


@ -70,6 +70,10 @@ public class AccountLoader {
throw new NotAuthorizedException("Bearer token required");
}
if (authResult.getUser().getServiceAccountClientLink() != null) {
throw new NotAuthorizedException("Service accounts are not allowed to access this service");
}
Auth auth = new Auth(session.getContext().getRealm(), authResult.getToken(), authResult.getUser(), client, authResult.getSession(), false);
AccountRestService accountRestService = new AccountRestService(session, auth, client, event);
ResteasyProviderFactory.getInstance().injectProperties(accountRestService);
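Review bot: The service-account check rejects a caller whose bearer token has already been accepted, yet it throws `NotAuthorizedException`, which, if this is the JAX-RS type, yields a 401 and treats its first argument as the `WWW-Authenticate` challenge. A 403 fits a valid token that is not permitted here and keeps clients from retrying authentication, e.g. `throw new ForbiddenException("Service accounts are not allowed to access this service");`. The rejection is also not recorded anywhere visible, although `event` is in scope a few lines later; recording a failure event before the throw would let operators detect service-account tokens being pointed at the account API. `authResult.getUser()` is dereferenced without a null check, which is safe only if the authenticator always sets a user on a non-null result. The enclosing method starts and ends outside this hunk, and the commit description (SAML destination URL validation) does not mention this change.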