cors token modifications
parent
158f85cb7a
commit
6e6dccd339
3 changed files with 36 additions and 7 deletions
|
@ -55,7 +55,7 @@ public class SkeletonKeyToken extends JsonWebToken {
|
|||
protected Set<String> trustedCertificates;
|
||||
|
||||
@JsonProperty("allowed-origins")
|
||||
protected List<String> allowsOrigins;
|
||||
protected List<String> allowedOrigins;
|
||||
|
||||
@JsonProperty("realm_access")
|
||||
protected Access realmAccess;
|
||||
|
@ -143,12 +143,12 @@ public class SkeletonKeyToken extends JsonWebToken {
|
|||
return (SkeletonKeyToken) super.type(type);
|
||||
}
|
||||
|
||||
public List<String> getAllowsOrigins() {
|
||||
return allowsOrigins;
|
||||
public List<String> getAllowedOrigins() {
|
||||
return allowedOrigins;
|
||||
}
|
||||
|
||||
public void setAllowsOrigins(List<String> allowsOrigins) {
|
||||
this.allowsOrigins = allowsOrigins;
|
||||
public void setAllowedOrigins(List<String> allowedOrigins) {
|
||||
this.allowedOrigins = allowedOrigins;
|
||||
}
|
||||
|
||||
public Access getRealmAccess() {
|
||||
|
|
|
@ -11,6 +11,7 @@ import org.keycloak.representations.SkeletonKeyToken;
|
|||
import javax.ws.rs.core.MultivaluedMap;
|
||||
import java.io.IOException;
|
||||
import java.io.UnsupportedEncodingException;
|
||||
import java.util.ArrayList;
|
||||
import java.util.List;
|
||||
import java.util.Map;
|
||||
import java.util.Set;
|
||||
|
@ -117,6 +118,12 @@ public class TokenManager {
|
|||
if (realm.getTokenLifespan() > 0) {
|
||||
token.expiration((System.currentTimeMillis() / 1000) + realm.getTokenLifespan());
|
||||
}
|
||||
Set<String> allowedOrigins = client.getWebOrigins();
|
||||
if (allowedOrigins != null && allowedOrigins.size() > 0) {
|
||||
List<String> allowed = new ArrayList<String>();
|
||||
allowed.addAll(allowedOrigins);
|
||||
token.setAllowedOrigins(allowed);
|
||||
}
|
||||
return token;
|
||||
}
|
||||
|
||||
|
|
|
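Review bot: The origin list written into the token by the added `if (allowedOrigins != null && allowedOrigins.size() > 0)` block is a snapshot taken at issue time, and the branch just above it sets an expiration only when `realm.getTokenLifespan() > 0`. A token issued without an expiry therefore keeps its origins after they are removed from the client, which deserves a comment here, e.g. `// origins are frozen into the token; removing a web origin only affects tokens issued afterwards`. The values from `client.getWebOrigins()` are copied unchecked, so if a wildcard or malformed entry can be stored there (not visible in this hunk) it ends up in the signed token, and whatever consumes `allowed-origins` has to validate it. The copy itself can be one line, `token.setAllowedOrigins(new ArrayList<String>(allowedOrigins));`, guarded by `!allowedOrigins.isEmpty()`. The enclosing method starts above the hunk.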
@ -95,6 +95,17 @@ public class SaasService {
|
|||
}
|
||||
}
|
||||
|
||||
/** test code for screwing around with CORS
|
||||
|
||||
@Path("set-cookie")
|
||||
@GET
|
||||
@NoCache
|
||||
@Produces("text/plain")
|
||||
public Response cookie(@Context HttpHeaders headers) {
|
||||
return Response.ok("cookie set", MediaType.TEXT_PLAIN_TYPE).cookie(new NewCookie("testcookie", "value")).build();
|
||||
}
|
||||
|
||||
|
||||
@Path("ping")
|
||||
@GET
|
||||
@NoCache
|
||||
|
@ -102,7 +113,11 @@ public class SaasService {
|
|||
public String ping(@Context HttpHeaders headers) {
|
||||
logger.info("************** GET PING");
|
||||
for (String header : headers.getRequestHeaders().keySet()) {
|
||||
logger.info(" " + header + ": " + headers.getHeaderString(header));
|
||||
logger.info(" header --- " + header + ": " + headers.getHeaderString(header));
|
||||
}
|
||||
for (String cookieName : headers.getCookies().keySet()) {
|
||||
logger.info(" cookie --- " + cookieName);
|
||||
|
||||
}
|
||||
return "ping";
|
||||
}
|
||||
|
@ -116,10 +131,17 @@ public class SaasService {
|
|||
for (String header : headers.getRequestHeaders().keySet()) {
|
||||
logger.info(" " + header + ": " + headers.getHeaderString(header));
|
||||
}
|
||||
for (String cookieName : headers.getCookies().keySet()) {
|
||||
logger.info(" cookie --- " + cookieName);
|
||||
|
||||
}
|
||||
return Response.ok()
|
||||
.header("Access-Control-Allow-Origin", "*")
|
||||
.header("Access-Control-Allow-Headers", HttpHeaders.AUTHORIZATION).build();
|
||||
.header("Access-Control-Allow-Headers", HttpHeaders.AUTHORIZATION)
|
||||
.header("Access-Control-Allow-Credentials", "true")
|
||||
.build();
|
||||
}
|
||||
*/
|
||||
|
||||
|
||||
@Path("keepalive")
|
||||
|
|
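Review bot: The block opened with `/** test code for screwing around with CORS` and closed with `*/` directly above `@Path("keepalive")` is a Javadoc comment, so it becomes the documentation of the keepalive method and leaves dead endpoint code in the service; it should be deleted or moved to a test class. The add/remove markers are lost on this page, so which lines are new is inferred from the hunk headers. If the code is ever re-enabled, the loops that log `headers.getHeaderString(header)` at info level write `Authorization` and `Cookie` values to the log and should skip or redact those headers. The preflight response also pairs `Access-Control-Allow-Origin: *` with `Access-Control-Allow-Credentials: true`, which browsers refuse for credentialed requests. The safe form echoes a request origin only after matching it against the client's allowed origins, and adds `Vary: Origin`.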