Merge pull request #1151 from stianst/master
KEYCLOAK-1212 CORS requests blocked on OPTIONS request
commit
7d853dabe4
3 changed files with 38 additions and 44 deletions
|
@ -107,7 +107,7 @@ public class OIDCLoginProtocolService {
|
||||||
public Object auth() {
|
public Object auth() {
|
||||||
AuthorizationEndpoint endpoint = new AuthorizationEndpoint(authManager, realm, event);
|
AuthorizationEndpoint endpoint = new AuthorizationEndpoint(authManager, realm, event);
|
||||||
ResteasyProviderFactory.getInstance().injectProperties(endpoint);
|
ResteasyProviderFactory.getInstance().injectProperties(endpoint);
|
||||||
return endpoint.init();
|
return endpoint;
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
@ -117,7 +117,7 @@ public class OIDCLoginProtocolService {
|
||||||
public Object registerPage() {
|
public Object registerPage() {
|
||||||
AuthorizationEndpoint endpoint = new AuthorizationEndpoint(authManager, realm, event);
|
AuthorizationEndpoint endpoint = new AuthorizationEndpoint(authManager, realm, event);
|
||||||
ResteasyProviderFactory.getInstance().injectProperties(endpoint);
|
ResteasyProviderFactory.getInstance().injectProperties(endpoint);
|
||||||
return endpoint.init().register();
|
return endpoint.register();
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
@ -127,7 +127,7 @@ public class OIDCLoginProtocolService {
|
||||||
public Object token() {
|
public Object token() {
|
||||||
TokenEndpoint endpoint = new TokenEndpoint(tokenManager, authManager, realm, event);
|
TokenEndpoint endpoint = new TokenEndpoint(tokenManager, authManager, realm, event);
|
||||||
ResteasyProviderFactory.getInstance().injectProperties(endpoint);
|
ResteasyProviderFactory.getInstance().injectProperties(endpoint);
|
||||||
return endpoint.init();
|
return endpoint;
|
||||||
}
|
}
|
||||||
|
|
||||||
@Path("login")
|
@Path("login")
|
||||||
|
@ -135,7 +135,7 @@ public class OIDCLoginProtocolService {
|
||||||
public Object loginPage() {
|
public Object loginPage() {
|
||||||
AuthorizationEndpoint endpoint = new AuthorizationEndpoint(authManager, realm, event);
|
AuthorizationEndpoint endpoint = new AuthorizationEndpoint(authManager, realm, event);
|
||||||
ResteasyProviderFactory.getInstance().injectProperties(endpoint);
|
ResteasyProviderFactory.getInstance().injectProperties(endpoint);
|
||||||
return endpoint.legacy(OIDCLoginProtocol.CODE_PARAM).init();
|
return endpoint.legacy(OIDCLoginProtocol.CODE_PARAM);
|
||||||
}
|
}
|
||||||
|
|
||||||
@Path("login-status-iframe.html")
|
@Path("login-status-iframe.html")
|
||||||
|
@ -150,7 +150,7 @@ public class OIDCLoginProtocolService {
|
||||||
public Object grantAccessToken() {
|
public Object grantAccessToken() {
|
||||||
TokenEndpoint endpoint = new TokenEndpoint(tokenManager, authManager, realm, event);
|
TokenEndpoint endpoint = new TokenEndpoint(tokenManager, authManager, realm, event);
|
||||||
ResteasyProviderFactory.getInstance().injectProperties(endpoint);
|
ResteasyProviderFactory.getInstance().injectProperties(endpoint);
|
||||||
return endpoint.legacy(OAuth2Constants.PASSWORD).init();
|
return endpoint.legacy(OAuth2Constants.PASSWORD);
|
||||||
}
|
}
|
||||||
|
|
||||||
@Path("refresh")
|
@Path("refresh")
|
||||||
|
@ -158,7 +158,7 @@ public class OIDCLoginProtocolService {
|
||||||
public Object refreshAccessToken() {
|
public Object refreshAccessToken() {
|
||||||
TokenEndpoint endpoint = new TokenEndpoint(tokenManager, authManager, realm, event);
|
TokenEndpoint endpoint = new TokenEndpoint(tokenManager, authManager, realm, event);
|
||||||
ResteasyProviderFactory.getInstance().injectProperties(endpoint);
|
ResteasyProviderFactory.getInstance().injectProperties(endpoint);
|
||||||
return endpoint.legacy(OAuth2Constants.REFRESH_TOKEN).init();
|
return endpoint.legacy(OAuth2Constants.REFRESH_TOKEN);
|
||||||
}
|
}
|
||||||
|
|
||||||
@Path("access/codes")
|
@Path("access/codes")
|
||||||
|
@ -166,7 +166,7 @@ public class OIDCLoginProtocolService {
|
||||||
public Object accessCodeToToken() {
|
public Object accessCodeToToken() {
|
||||||
TokenEndpoint endpoint = new TokenEndpoint(tokenManager, authManager, realm, event);
|
TokenEndpoint endpoint = new TokenEndpoint(tokenManager, authManager, realm, event);
|
||||||
ResteasyProviderFactory.getInstance().injectProperties(endpoint);
|
ResteasyProviderFactory.getInstance().injectProperties(endpoint);
|
||||||
return endpoint.legacy(OAuth2Constants.AUTHORIZATION_CODE).init();
|
return endpoint.legacy(OAuth2Constants.AUTHORIZATION_CODE);
|
||||||
}
|
}
|
||||||
|
|
||||||
@Path("validate")
|
@Path("validate")
|
||||||
|
|
|
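Review bot: The sub-resource locators in `OIDCLoginProtocolService` (`auth()`, `registerPage()`, `token()`, `loginPage()`, `grantAccessToken()`, `refreshAccessToken()`, `accessCodeToToken()`) now return an endpoint on which no SSL, realm or client check has run. The checks are therefore only as complete as the resource methods on `AuthorizationEndpoint` and `TokenEndpoint` that call them. Only `build()` is visible on this page doing so. Any other HTTP-method handler on those classes, such as whatever answers the OPTIONS preflight named in the commit title, is reached unvalidated and should be confirmed to return nothing realm- or client-specific. A one-line comment on each locator would keep that contract visible, e.g. `// No validation here: every resource method on the returned endpoint must run its own checks (see build()).`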
@ -91,6 +91,25 @@ public class AuthorizationEndpoint {
|
||||||
|
|
||||||
@GET
|
@GET
|
||||||
public Response build() {
|
public Response build() {
|
||||||
|
MultivaluedMap<String, String> params = uriInfo.getQueryParameters();
|
||||||
|
|
||||||
|
clientId = params.getFirst(OIDCLoginProtocol.CLIENT_ID_PARAM);
|
||||||
|
responseType = params.getFirst(OIDCLoginProtocol.RESPONSE_TYPE_PARAM);
|
||||||
|
redirectUriParam = params.getFirst(OIDCLoginProtocol.REDIRECT_URI_PARAM);
|
||||||
|
state = params.getFirst(OIDCLoginProtocol.STATE_PARAM);
|
||||||
|
scope = params.getFirst(OIDCLoginProtocol.SCOPE_PARAM);
|
||||||
|
loginHint = params.getFirst(OIDCLoginProtocol.LOGIN_HINT_PARAM);
|
||||||
|
prompt = params.getFirst(OIDCLoginProtocol.PROMPT_PARAM);
|
||||||
|
idpHint = params.getFirst(AdapterConstants.KC_IDP_HINT);
|
||||||
|
|
||||||
|
checkSsl();
|
||||||
|
checkRealm();
|
||||||
|
checkClient();
|
||||||
|
checkResponseType();
|
||||||
|
checkRedirectUri();
|
||||||
|
|
||||||
|
createClientSession();
|
||||||
|
|
||||||
switch (action) {
|
switch (action) {
|
||||||
case REGISTER:
|
case REGISTER:
|
||||||
return buildRegister();
|
return buildRegister();
|
||||||
|
@ -121,29 +140,6 @@ public class AuthorizationEndpoint {
|
||||||
return this;
|
return this;
|
||||||
}
|
}
|
||||||
|
|
||||||
public AuthorizationEndpoint init() {
|
|
||||||
MultivaluedMap<String, String> params = uriInfo.getQueryParameters();
|
|
||||||
|
|
||||||
clientId = params.getFirst(OIDCLoginProtocol.CLIENT_ID_PARAM);
|
|
||||||
responseType = params.getFirst(OIDCLoginProtocol.RESPONSE_TYPE_PARAM);
|
|
||||||
redirectUriParam = params.getFirst(OIDCLoginProtocol.REDIRECT_URI_PARAM);
|
|
||||||
state = params.getFirst(OIDCLoginProtocol.STATE_PARAM);
|
|
||||||
scope = params.getFirst(OIDCLoginProtocol.SCOPE_PARAM);
|
|
||||||
loginHint = params.getFirst(OIDCLoginProtocol.LOGIN_HINT_PARAM);
|
|
||||||
prompt = params.getFirst(OIDCLoginProtocol.PROMPT_PARAM);
|
|
||||||
idpHint = params.getFirst(AdapterConstants.KC_IDP_HINT);
|
|
||||||
|
|
||||||
checkSsl();
|
|
||||||
checkRealm();
|
|
||||||
checkClient();
|
|
||||||
checkResponseType();
|
|
||||||
checkRedirectUri();
|
|
||||||
|
|
||||||
createClientSession();
|
|
||||||
|
|
||||||
return this;
|
|
||||||
}
|
|
||||||
|
|
||||||
private void checkSsl() {
|
private void checkSsl() {
|
||||||
if (!uriInfo.getBaseUri().getScheme().equals("https") && realm.getSslRequired().isRequired(clientConnection)) {
|
if (!uriInfo.getBaseUri().getScheme().equals("https") && realm.getSslRequired().isRequired(clientConnection)) {
|
||||||
event.error(Errors.SSL_REQUIRED);
|
event.error(Errors.SSL_REQUIRED);
|
||||||
|
@ -172,7 +168,7 @@ public class AuthorizationEndpoint {
|
||||||
throw new ErrorPageException(session, Messages.CLIENT_NOT_FOUND );
|
throw new ErrorPageException(session, Messages.CLIENT_NOT_FOUND );
|
||||||
}
|
}
|
||||||
|
|
||||||
if ((client instanceof ClientModel) && ((ClientModel) client).isBearerOnly()) {
|
if (client.isBearerOnly()) {
|
||||||
event.error(Errors.NOT_ALLOWED);
|
event.error(Errors.NOT_ALLOWED);
|
||||||
throw new ErrorPageException(session, Messages.BEARER_ONLY );
|
throw new ErrorPageException(session, Messages.BEARER_ONLY );
|
||||||
}
|
}
|
||||||
|
@ -198,7 +194,9 @@ public class AuthorizationEndpoint {
|
||||||
event.detail(Details.RESPONSE_TYPE, responseType);
|
event.detail(Details.RESPONSE_TYPE, responseType);
|
||||||
|
|
||||||
if (responseType.equals(OAuth2Constants.CODE)) {
|
if (responseType.equals(OAuth2Constants.CODE)) {
|
||||||
|
if (action == null) {
|
||||||
action = Action.CODE;
|
action = Action.CODE;
|
||||||
|
}
|
||||||
} else {
|
} else {
|
||||||
event.error(Errors.INVALID_REQUEST);
|
event.error(Errors.INVALID_REQUEST);
|
||||||
throw new ErrorPageException(session, Messages.INVALID_PARAMETER, OIDCLoginProtocol.RESPONSE_TYPE_PARAM );
|
throw new ErrorPageException(session, Messages.INVALID_PARAMETER, OIDCLoginProtocol.RESPONSE_TYPE_PARAM );
|
||||||
|
|
|
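Review bot: In `AuthorizationEndpoint.build()` the calls `checkSsl()` through `checkRedirectUri()` and then `createClientSession()` are order-dependent, but nothing in the `@GET` handler marks them as the request's validation gate. A later edit that adds work above them, or moves `createClientSession()` ahead of `checkRedirectUri()`, would presumably create session state for a request that has not been validated. I would add `// Validate before creating any state; keep this order and keep it ahead of the action switch.` above `checkSsl();`. The new `if (action == null)` guard in the response-type check only works because `register()` and `legacy(...)` set `action` before `build()` runs, which deserves `// register()/legacy() may already have chosen the action; default to CODE otherwise.` Both `build()` and the response-type check continue outside the hunks shown, so the null handling of `responseType` before `responseType.equals(...)` cannot be confirmed from this page.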
@ -87,6 +87,14 @@ public class TokenEndpoint {
|
||||||
|
|
||||||
@POST
|
@POST
|
||||||
public Response build() {
|
public Response build() {
|
||||||
|
formParams = request.getDecodedFormParameters();
|
||||||
|
grantType = formParams.getFirst(OIDCLoginProtocol.GRANT_TYPE_PARAM);
|
||||||
|
|
||||||
|
checkSsl();
|
||||||
|
checkRealm();
|
||||||
|
checkGrantType();
|
||||||
|
checkClient();
|
||||||
|
|
||||||
switch (action) {
|
switch (action) {
|
||||||
case AUTHORIZATION_CODE:
|
case AUTHORIZATION_CODE:
|
||||||
return buildAuthorizationCodeAccessTokenResponse();
|
return buildAuthorizationCodeAccessTokenResponse();
|
||||||
|
@ -116,18 +124,6 @@ public class TokenEndpoint {
|
||||||
return this;
|
return this;
|
||||||
}
|
}
|
||||||
|
|
||||||
public TokenEndpoint init() {
|
|
||||||
formParams = request.getDecodedFormParameters();
|
|
||||||
grantType = formParams.getFirst(OIDCLoginProtocol.GRANT_TYPE_PARAM);
|
|
||||||
|
|
||||||
checkSsl();
|
|
||||||
checkRealm();
|
|
||||||
checkGrantType();
|
|
||||||
checkClient();
|
|
||||||
|
|
||||||
return this;
|
|
||||||
}
|
|
||||||
|
|
||||||
private void checkSsl() {
|
private void checkSsl() {
|
||||||
if (!uriInfo.getBaseUri().getScheme().equals("https") && realm.getSslRequired().isRequired(clientConnection)) {
|
if (!uriInfo.getBaseUri().getScheme().equals("https") && realm.getSslRequired().isRequired(clientConnection)) {
|
||||||
throw new ErrorResponseException("invalid_request", "HTTPS required", Response.Status.FORBIDDEN);
|
throw new ErrorResponseException("invalid_request", "HTTPS required", Response.Status.FORBIDDEN);
|
||||||
|
|
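Review bot: `TokenEndpoint.build()` is now the only place where the HTTPS requirement, realm, grant type and client are checked before the `switch (action)` dispatch, yet it carries no Javadoc saying so. With `init()` removed, the step no longer has a name of its own. I would add a short Javadoc on `build()` stating that it reads the form parameters, runs `checkSsl()`, `checkRealm()`, `checkGrantType()` and `checkClient()` in that order, and only then dispatches, so that a new grant-type branch is not added above the checks. The same four-line preamble could be a private helper, e.g. `private void validateRequest()`, mirroring what `AuthorizationEndpoint.build()` does inline. `build()` continues past the end of this hunk.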