KEYCLOAK-17665 Add query parameter support for Spring

2021-04-07 00:10:38 +02:00 · 2021-04-07 00:10:38 +02:00 · 5d3f80ab57
commit 5d3f80ab57
parent fa6903a1b5
2 changed files with 22 additions and 1 deletions
--- a/adapters/oidc/spring-security/src/main/java/org/keycloak/adapters/springsecurity/authentication/KeycloakAuthenticationEntryPoint.java
+++ b/adapters/oidc/spring-security/src/main/java/org/keycloak/adapters/springsecurity/authentication/KeycloakAuthenticationEntryPoint.java
@ -34,6 +34,7 @@ import org.springframework.security.core.AuthenticationException;
 import org.springframework.security.web.AuthenticationEntryPoint;
 import org.springframework.security.web.util.matcher.RequestMatcher;
 import org.springframework.util.Assert;
+import org.springframework.util.StringUtils;

 /**
 * Provides a Keycloak {@link AuthenticationEntryPoint authentication entry point}. Uses a
@ -105,7 +106,13 @@ public class KeycloakAuthenticationEntryPoint implements AuthenticationEntryPoin
            // stored in a session. We'll store it in a cookie instead.
            response.addCookie(KeycloakCookieBasedRedirect.createCookieFromRedirectUrl(request.getRequestURI()));
        }
-        String contextAwareLoginUri = request.getContextPath() + loginUri;
+
+        String queryParameters = "";
+        if (!StringUtils.isEmpty(request.getQueryString())) {
+            queryParameters = "?" + request.getQueryString();
+        }
+
+        String contextAwareLoginUri = request.getContextPath() + loginUri + queryParameters;
        log.debug("Redirecting to login URI {}", contextAwareLoginUri);
        response.sendRedirect(contextAwareLoginUri);
    }
--- a/adapters/oidc/spring-security/src/test/java/org/keycloak/adapters/springsecurity/authentication/KeycloakAuthenticationEntryPointTest.java
+++ b/adapters/oidc/spring-security/src/test/java/org/keycloak/adapters/springsecurity/authentication/KeycloakAuthenticationEntryPointTest.java
@ -17,7 +17,10 @@

 package org.keycloak.adapters.springsecurity.authentication;

+import static org.hamcrest.CoreMatchers.containsString;
+import static org.hamcrest.MatcherAssert.assertThat;
 import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertNotEquals;
 import static org.junit.Assert.assertNull;
 import static org.mockito.Matchers.any;
 import static org.mockito.Matchers.eq;
@ -78,6 +81,17 @@ public class KeycloakAuthenticationEntryPointTest {
        assertEquals(KeycloakAuthenticationEntryPoint.DEFAULT_LOGIN_URI, response.getHeader("Location"));
    }

+    @Test
+    public void testCommenceWithRedirectAndQueryParameters() throws Exception {
+        configureBrowserRequest();
+        request.addParameter("prompt", "login");
+        authenticationEntryPoint.commence(request, response, null);
+        assertEquals(HttpStatus.FOUND.value(), response.getStatus());
+        assertNotEquals(KeycloakAuthenticationEntryPoint.DEFAULT_LOGIN_URI, response.getHeader("Location"));
+        assertThat(response.getHeader("Location"), containsString(KeycloakAuthenticationEntryPoint.DEFAULT_LOGIN_URI));
+        assertThat(response.getHeader("Location"), containsString("prompt=login"));
+    }
+
    @Test
    public void testCommenceWithRedirectNotRootContext() throws Exception {
        configureBrowserRequest();