Merge pull request #1151 from stianst/master

KEYCLOAK-1212 CORS requests blocked on OPTIONS request
Stian Thorgersen 2015-04-16 12:50:55 +02:00
commit 7d853dabe4
3 changed files with 38 additions and 44 deletions


@ -107,7 +107,7 @@ public class OIDCLoginProtocolService {
public Object auth() { public Object auth() {
AuthorizationEndpoint endpoint = new AuthorizationEndpoint(authManager, realm, event); AuthorizationEndpoint endpoint = new AuthorizationEndpoint(authManager, realm, event);
ResteasyProviderFactory.getInstance().injectProperties(endpoint); ResteasyProviderFactory.getInstance().injectProperties(endpoint);
return endpoint.init(); return endpoint;
} }
/** /**
@ -117,7 +117,7 @@ public class OIDCLoginProtocolService {
public Object registerPage() { public Object registerPage() {
AuthorizationEndpoint endpoint = new AuthorizationEndpoint(authManager, realm, event); AuthorizationEndpoint endpoint = new AuthorizationEndpoint(authManager, realm, event);
ResteasyProviderFactory.getInstance().injectProperties(endpoint); ResteasyProviderFactory.getInstance().injectProperties(endpoint);
return endpoint.init().register(); return endpoint.register();
} }
/** /**
@ -127,7 +127,7 @@ public class OIDCLoginProtocolService {
public Object token() { public Object token() {
TokenEndpoint endpoint = new TokenEndpoint(tokenManager, authManager, realm, event); TokenEndpoint endpoint = new TokenEndpoint(tokenManager, authManager, realm, event);
ResteasyProviderFactory.getInstance().injectProperties(endpoint); ResteasyProviderFactory.getInstance().injectProperties(endpoint);
return endpoint.init(); return endpoint;
} }
@Path("login") @Path("login")
@ -135,7 +135,7 @@ public class OIDCLoginProtocolService {
public Object loginPage() { public Object loginPage() {
AuthorizationEndpoint endpoint = new AuthorizationEndpoint(authManager, realm, event); AuthorizationEndpoint endpoint = new AuthorizationEndpoint(authManager, realm, event);
ResteasyProviderFactory.getInstance().injectProperties(endpoint); ResteasyProviderFactory.getInstance().injectProperties(endpoint);
return endpoint.legacy(OIDCLoginProtocol.CODE_PARAM).init(); return endpoint.legacy(OIDCLoginProtocol.CODE_PARAM);
} }
@Path("login-status-iframe.html") @Path("login-status-iframe.html")
@ -150,7 +150,7 @@ public class OIDCLoginProtocolService {
public Object grantAccessToken() { public Object grantAccessToken() {
TokenEndpoint endpoint = new TokenEndpoint(tokenManager, authManager, realm, event); TokenEndpoint endpoint = new TokenEndpoint(tokenManager, authManager, realm, event);
ResteasyProviderFactory.getInstance().injectProperties(endpoint); ResteasyProviderFactory.getInstance().injectProperties(endpoint);
return endpoint.legacy(OAuth2Constants.PASSWORD).init(); return endpoint.legacy(OAuth2Constants.PASSWORD);
} }
@Path("refresh") @Path("refresh")
@ -158,7 +158,7 @@ public class OIDCLoginProtocolService {
public Object refreshAccessToken() { public Object refreshAccessToken() {
TokenEndpoint endpoint = new TokenEndpoint(tokenManager, authManager, realm, event); TokenEndpoint endpoint = new TokenEndpoint(tokenManager, authManager, realm, event);
ResteasyProviderFactory.getInstance().injectProperties(endpoint); ResteasyProviderFactory.getInstance().injectProperties(endpoint);
return endpoint.legacy(OAuth2Constants.REFRESH_TOKEN).init(); return endpoint.legacy(OAuth2Constants.REFRESH_TOKEN);
} }
@Path("access/codes") @Path("access/codes")
@ -166,7 +166,7 @@ public class OIDCLoginProtocolService {
public Object accessCodeToToken() { public Object accessCodeToToken() {
TokenEndpoint endpoint = new TokenEndpoint(tokenManager, authManager, realm, event); TokenEndpoint endpoint = new TokenEndpoint(tokenManager, authManager, realm, event);
ResteasyProviderFactory.getInstance().injectProperties(endpoint); ResteasyProviderFactory.getInstance().injectProperties(endpoint);
return endpoint.legacy(OAuth2Constants.AUTHORIZATION_CODE).init(); return endpoint.legacy(OAuth2Constants.AUTHORIZATION_CODE);
} }
@Path("validate") @Path("validate")
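Review bot: Every locator in this section (`auth()`, `registerPage()`, `token()`, `loginPage()`, `grantAccessToken()`, `refreshAccessToken()`, `accessCodeToToken()`) now returns an endpoint on which no SSL, realm or client check has run, and nothing in the code says so. The checks now live only in the `@GET`/`@POST` `build()` methods of AuthorizationEndpoint and TokenEndpoint, so any other resource method on those classes runs unvalidated; the preflight handler this fix is meant to unblock is not in the visible hunks. I would add a comment on each locator, e.g. `// Validation is deferred to the endpoint's HTTP-method handlers; a new handler must run the check*() calls itself`, and confirm the OPTIONS path returns CORS headers only. The hunks cut into these methods, so the annotations above `public Object auth()` and the others are not all visible here.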


@ -91,6 +91,25 @@ public class AuthorizationEndpoint {
@GET @GET
public Response build() { public Response build() {
MultivaluedMap<String, String> params = uriInfo.getQueryParameters();
clientId = params.getFirst(OIDCLoginProtocol.CLIENT_ID_PARAM);
responseType = params.getFirst(OIDCLoginProtocol.RESPONSE_TYPE_PARAM);
redirectUriParam = params.getFirst(OIDCLoginProtocol.REDIRECT_URI_PARAM);
state = params.getFirst(OIDCLoginProtocol.STATE_PARAM);
scope = params.getFirst(OIDCLoginProtocol.SCOPE_PARAM);
loginHint = params.getFirst(OIDCLoginProtocol.LOGIN_HINT_PARAM);
prompt = params.getFirst(OIDCLoginProtocol.PROMPT_PARAM);
idpHint = params.getFirst(AdapterConstants.KC_IDP_HINT);
checkSsl();
checkRealm();
checkClient();
checkResponseType();
checkRedirectUri();
createClientSession();
switch (action) { switch (action) {
case REGISTER: case REGISTER:
return buildRegister(); return buildRegister();
@ -121,29 +140,6 @@ public class AuthorizationEndpoint {
return this; return this;
} }
public AuthorizationEndpoint init() {
MultivaluedMap<String, String> params = uriInfo.getQueryParameters();
clientId = params.getFirst(OIDCLoginProtocol.CLIENT_ID_PARAM);
responseType = params.getFirst(OIDCLoginProtocol.RESPONSE_TYPE_PARAM);
redirectUriParam = params.getFirst(OIDCLoginProtocol.REDIRECT_URI_PARAM);
state = params.getFirst(OIDCLoginProtocol.STATE_PARAM);
scope = params.getFirst(OIDCLoginProtocol.SCOPE_PARAM);
loginHint = params.getFirst(OIDCLoginProtocol.LOGIN_HINT_PARAM);
prompt = params.getFirst(OIDCLoginProtocol.PROMPT_PARAM);
idpHint = params.getFirst(AdapterConstants.KC_IDP_HINT);
checkSsl();
checkRealm();
checkClient();
checkResponseType();
checkRedirectUri();
createClientSession();
return this;
}
private void checkSsl() { private void checkSsl() {
if (!uriInfo.getBaseUri().getScheme().equals("https") && realm.getSslRequired().isRequired(clientConnection)) { if (!uriInfo.getBaseUri().getScheme().equals("https") && realm.getSslRequired().isRequired(clientConnection)) {
event.error(Errors.SSL_REQUIRED); event.error(Errors.SSL_REQUIRED);
@ -172,7 +168,7 @@ public class AuthorizationEndpoint {
throw new ErrorPageException(session, Messages.CLIENT_NOT_FOUND ); throw new ErrorPageException(session, Messages.CLIENT_NOT_FOUND );
} }
if ((client instanceof ClientModel) && ((ClientModel) client).isBearerOnly()) { if (client.isBearerOnly()) {
event.error(Errors.NOT_ALLOWED); event.error(Errors.NOT_ALLOWED);
throw new ErrorPageException(session, Messages.BEARER_ONLY ); throw new ErrorPageException(session, Messages.BEARER_ONLY );
} }
@ -198,7 +194,9 @@ public class AuthorizationEndpoint {
event.detail(Details.RESPONSE_TYPE, responseType); event.detail(Details.RESPONSE_TYPE, responseType);
if (responseType.equals(OAuth2Constants.CODE)) { if (responseType.equals(OAuth2Constants.CODE)) {
action = Action.CODE; if (action == null) {
action = Action.CODE;
}
} else { } else {
event.error(Errors.INVALID_REQUEST); event.error(Errors.INVALID_REQUEST);
throw new ErrorPageException(session, Messages.INVALID_PARAMETER, OIDCLoginProtocol.RESPONSE_TYPE_PARAM ); throw new ErrorPageException(session, Messages.INVALID_PARAMETER, OIDCLoginProtocol.RESPONSE_TYPE_PARAM );
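Review bot: The new `if (action == null)` guard in the `responseType.equals(OAuth2Constants.CODE)` branch encodes an ordering contract that is not written down: the checks now run inside `build()`, after the locator has already called `register()`, so an action chosen earlier must survive the response-type check. A one-line comment such as `// keep an action preset by the locator (e.g. register()); default to CODE otherwise` would stop a later cleanup from restoring the unconditional assignment and silently turning the registration page into the code flow. Any other response type is still rejected in the `else` branch whatever `action` holds, and that should stay so. The enclosing method starts and ends outside this hunk and `register()` is not shown, so its effect on `action` is inferred from the `case REGISTER` in `build()`.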


@ -87,6 +87,14 @@ public class TokenEndpoint {
@POST @POST
public Response build() { public Response build() {
formParams = request.getDecodedFormParameters();
grantType = formParams.getFirst(OIDCLoginProtocol.GRANT_TYPE_PARAM);
checkSsl();
checkRealm();
checkGrantType();
checkClient();
switch (action) { switch (action) {
case AUTHORIZATION_CODE: case AUTHORIZATION_CODE:
return buildAuthorizationCodeAccessTokenResponse(); return buildAuthorizationCodeAccessTokenResponse();
@ -116,18 +124,6 @@ public class TokenEndpoint {
return this; return this;
} }
public TokenEndpoint init() {
formParams = request.getDecodedFormParameters();
grantType = formParams.getFirst(OIDCLoginProtocol.GRANT_TYPE_PARAM);
checkSsl();
checkRealm();
checkGrantType();
checkClient();
return this;
}
private void checkSsl() { private void checkSsl() {
if (!uriInfo.getBaseUri().getScheme().equals("https") && realm.getSslRequired().isRequired(clientConnection)) { if (!uriInfo.getBaseUri().getScheme().equals("https") && realm.getSslRequired().isRequired(clientConnection)) {
throw new ErrorResponseException("invalid_request", "HTTPS required", Response.Status.FORBIDDEN); throw new ErrorResponseException("invalid_request", "HTTPS required", Response.Status.FORBIDDEN);
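Review bot: `checkSsl()` in TokenEndpoint throws `ErrorResponseException` straight after the `if`, whereas the same check in AuthorizationEndpoint calls `event.error(Errors.SSL_REQUIRED)` first, so a token request rejected for arriving over plain HTTP appears to leave no entry in the event log. Now that this check runs inside `build()` on every POST, I would add `event.error(Errors.SSL_REQUIRED);` before the throw so both endpoints report the rejection the same way; `event` is already passed to the TokenEndpoint constructor. The end of `checkSsl()` falls outside the hunk, so this rests on the two visible lines only.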