fix: validate that a full hostname url is expected (#33348)
closes: #33347 Signed-off-by: Steve Hawkins <shawkins@redhat.com>
This commit is contained in:
parent
b9d0977628
commit
9064d5159a
2 changed files with 16 additions and 0 deletions
|
@ -62,6 +62,10 @@ public class HostnameV2ProviderFactory implements HostnameProviderFactory, Envir
|
|||
|
||||
Optional.ofNullable(config.get("hostname-admin")).ifPresent(h ->
|
||||
adminUrl = validateAndCreateUri(h, "Provided hostname-admin is not a valid URL"));
|
||||
|
||||
if (adminUrl != null && hostnameUrl == null) {
|
||||
throw new IllegalArgumentException("hostname must be set to a URL when hostname-admin is set");
|
||||
}
|
||||
|
||||
// Dynamic backchannel requires hostname to be specified as full URL. Otherwise we might end up with some parts of the
|
||||
// backend request in frontend URLs. Therefore frontend (and admin) needs to be fully static.
|
||||
|
|
|
@ -17,7 +17,9 @@
|
|||
|
||||
package org.keycloak.url;
|
||||
|
||||
import static org.junit.Assert.assertEquals;
|
||||
import static org.junit.Assert.assertFalse;
|
||||
import static org.junit.Assert.assertThrows;
|
||||
import static org.junit.Assert.assertTrue;
|
||||
|
||||
import java.io.IOException;
|
||||
|
@ -46,6 +48,16 @@ public class HostnameV2ProviderFactoryTest {
|
|||
assertHostname("?my-example.com", false);
|
||||
assertHostname("192.196.0.5555", false);
|
||||
}
|
||||
|
||||
@Test
|
||||
public void hostnameUrlExpected() throws IOException {
|
||||
Map<String, String> values = new HashMap<>();
|
||||
values.put("hostname", "short");
|
||||
values.put("hostname-admin", "https://other");
|
||||
HostnameV2ProviderFactory factory = new HostnameV2ProviderFactory();
|
||||
assertEquals("hostname must be set to a URL when hostname-admin is set",
|
||||
assertThrows(IllegalArgumentException.class, () -> factory.init(ScopeUtil.createScope(values))).getMessage());
|
||||
}
|
||||
|
||||
private void assertHostname(String hostname, boolean valid) {
|
||||
Map<String, String> values = new HashMap<>();
|
||||
|
|
Loading…
Reference in a new issue