From 6e6dccd339fdabbb28d1185d628cce8eae0dc8a4 Mon Sep 17 00:00:00 2001 From: Bill Burke Date: Fri, 25 Oct 2013 18:03:28 -0400 Subject: [PATCH] cors token modifications --- .../representations/SkeletonKeyToken.java | 10 +++---- .../services/managers/TokenManager.java | 7 +++++ .../services/resources/SaasService.java | 26 +++++++++++++++++-- 3 files changed, 36 insertions(+), 7 deletions(-) diff --git a/core/src/main/java/org/keycloak/representations/SkeletonKeyToken.java b/core/src/main/java/org/keycloak/representations/SkeletonKeyToken.java index 817c9f5b13..2d2641cb02 100755 --- a/core/src/main/java/org/keycloak/representations/SkeletonKeyToken.java +++ b/core/src/main/java/org/keycloak/representations/SkeletonKeyToken.java @@ -55,7 +55,7 @@ public class SkeletonKeyToken extends JsonWebToken { protected Set trustedCertificates; @JsonProperty("allowed-origins") - protected List allowsOrigins; + protected List allowedOrigins; @JsonProperty("realm_access") protected Access realmAccess; @@ -143,12 +143,12 @@ public class SkeletonKeyToken extends JsonWebToken { return (SkeletonKeyToken) super.type(type); } - public List getAllowsOrigins() { - return allowsOrigins; + public List getAllowedOrigins() { + return allowedOrigins; } - public void setAllowsOrigins(List allowsOrigins) { - this.allowsOrigins = allowsOrigins; + public void setAllowedOrigins(List allowedOrigins) { + this.allowedOrigins = allowedOrigins; } public Access getRealmAccess() { diff --git a/services/src/main/java/org/keycloak/services/managers/TokenManager.java b/services/src/main/java/org/keycloak/services/managers/TokenManager.java index e3012b6e9e..c8048c4946 100755 --- a/services/src/main/java/org/keycloak/services/managers/TokenManager.java +++ b/services/src/main/java/org/keycloak/services/managers/TokenManager.java 
@@ -11,6 +11,7 @@ import org.keycloak.representations.SkeletonKeyToken; import javax.ws.rs.core.MultivaluedMap; import java.io.IOException; import java.io.UnsupportedEncodingException; +import java.util.ArrayList; import java.util.List; import java.util.Map; import java.util.Set; @@ -117,6 +118,12 @@ public class TokenManager { if (realm.getTokenLifespan() > 0) { token.expiration((System.currentTimeMillis() / 1000) + realm.getTokenLifespan()); } + Set allowedOrigins = client.getWebOrigins(); + if (allowedOrigins != null && allowedOrigins.size() > 0) { + List allowed = new ArrayList(); + allowed.addAll(allowedOrigins); + token.setAllowedOrigins(allowed); + } return token; } diff --git a/services/src/main/java/org/keycloak/services/resources/SaasService.java b/services/src/main/java/org/keycloak/services/resources/SaasService.java index 38a499124a..9fc861fe0f 100755 --- a/services/src/main/java/org/keycloak/services/resources/SaasService.java +++ b/services/src/main/java/org/keycloak/services/resources/SaasService.java @@ -95,6 +95,17 @@ public class SaasService { } } + /** test code for screwing around with CORS + + @Path("set-cookie") + @GET + @NoCache + @Produces("text/plain") + public Response cookie(@Context HttpHeaders headers) { + return Response.ok("cookie set", MediaType.TEXT_PLAIN_TYPE).cookie(new NewCookie("testcookie", "value")).build(); + } + + @Path("ping") @GET @NoCache @@ -102,7 +113,11 @@ public class SaasService { public String ping(@Context HttpHeaders headers) { logger.info("************** GET PING"); for (String header : headers.getRequestHeaders().keySet()) { - logger.info(" " + header + ": " + headers.getHeaderString(header)); + logger.info(" header --- " + header + ": " + headers.getHeaderString(header)); + } + for (String cookieName : headers.getCookies().keySet()) { + logger.info(" cookie --- " + cookieName); + } return "ping"; } 
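Review bot: In the `@@ -117,6 +118,12 @@` hunk of TokenManager.java the values from `client.getWebOrigins()` are copied into the token unchanged, so whatever is configured on the client, including a wildcard or malformed entry, ends up in a claim that consumers will presumably trust for CORS decisions. Because `setAllowedOrigins` is skipped when the set is null or empty, the claim is then absent, and that contract deserves a comment at this spot, for example `// allowed-origins is omitted when the client has no web origins; consumers must treat a missing claim as "no cross-origin access"`. The copy can also be written as `token.setAllowedOrigins(new ArrayList(allowedOrigins));` behind an `!allowedOrigins.isEmpty()` check. The enclosing method starts outside the hunk, so where `client` comes from is not visible here.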
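Review bot: The `/** test code for screwing around with CORS` opener added in the `@@ -95,6 +95,17 @@` hunk of SaasService.java appears to comment out the `set-cookie`, `ping` and OPTIONS handlers down to the `*/` added in the `@@ -116,10 +131,17 @@` hunk, unless a terminator sits in lines the diff does not show, so the commit checks in dead test endpoints instead of removing them. A `/**` block is also picked up as the Javadoc of the next declaration, which here looks like the `keepalive` resource method. Deleting the block or moving it to a test-only resource class would be cleaner; if it has to stay, open it with `/*` and state why it is kept. The `set-cookie` handler builds `new NewCookie("testcookie", "value")` without Secure or HttpOnly attributes, which should be corrected before anyone re-enables it.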
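Review bot: The header loop in `ping` (hunk `@@ -102,7 +113,11 @@`) writes every request header value to the log at INFO, which includes `Authorization` and `Cookie`, so bearer tokens and session cookies would land in the server log if this handler is re-enabled; the same loop sits in the OPTIONS handler in the `@@ -116,10 +131,17 @@` hunk. The new cookie loop already logs names only, and the header loop should do the same or skip sensitive names, e.g. `if (HttpHeaders.AUTHORIZATION.equalsIgnoreCase(header) || HttpHeaders.COOKIE.equalsIgnoreCase(header)) continue;`. Header values are client-supplied text, so whatever is still logged belongs at debug level with line breaks stripped.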
@@ -116,10 +131,17 @@ public class SaasService { for (String header : headers.getRequestHeaders().keySet()) { logger.info(" " + header + ": " + headers.getHeaderString(header)); } + for (String cookieName : headers.getCookies().keySet()) { + logger.info(" cookie --- " + cookieName); + + } return Response.ok() .header("Access-Control-Allow-Origin", "*") - .header("Access-Control-Allow-Headers", HttpHeaders.AUTHORIZATION).build(); + .header("Access-Control-Allow-Headers", HttpHeaders.AUTHORIZATION) + .header("Access-Control-Allow-Credentials", "true") + .build(); } + */ @Path("keepalive")
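Review bot: The OPTIONS response now sends `Access-Control-Allow-Credentials: true` together with `Access-Control-Allow-Origin: *`, a combination browsers refuse for credentialed requests, so the preflight would not do what the test intends. The usual way out, echoing the request's `Origin` header, is only safe when the value is first checked against a configured allow-list, such as the client's web origins that this commit puts into the token; an unchecked echo lets any site make credentialed calls. If the handler is kept, a comment such as `// Allow-Origin must be a single vetted origin when Allow-Credentials is true; never "*" or an unchecked echo` belongs above the `Response.ok()` chain, along with a `Vary: Origin` header once the origin is dynamic. The handler's signature is outside the hunk.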