fix: validate that a full hostname url is expected (#33348)

closes: #33347

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
This commit is contained in:
Steven Hawkins 2024-09-27 09:57:14 -04:00 committed by GitHub
parent b9d0977628
commit 9064d5159a
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
2 changed files with 16 additions and 0 deletions

View file

@ -63,6 +63,10 @@ public class HostnameV2ProviderFactory implements HostnameProviderFactory, Envir
Optional.ofNullable(config.get("hostname-admin")).ifPresent(h ->
adminUrl = validateAndCreateUri(h, "Provided hostname-admin is not a valid URL"));
if (adminUrl != null && hostnameUrl == null) {
throw new IllegalArgumentException("hostname must be set to a URL when hostname-admin is set");
}
// Dynamic backchannel requires hostname to be specified as full URL. Otherwise we might end up with some parts of the
// backend request in frontend URLs. Therefore frontend (and admin) needs to be fully static.
backchannelDynamic = config.getBoolean("hostname-backchannel-dynamic", false);

View file

@ -17,7 +17,9 @@
package org.keycloak.url;
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertFalse;
import static org.junit.Assert.assertThrows;
import static org.junit.Assert.assertTrue;
import java.io.IOException;
@ -47,6 +49,16 @@ public class HostnameV2ProviderFactoryTest {
assertHostname("192.196.0.5555", false);
}
@Test
public void hostnameUrlExpected() throws IOException {
Map<String, String> values = new HashMap<>();
values.put("hostname", "short");
values.put("hostname-admin", "https://other");
HostnameV2ProviderFactory factory = new HostnameV2ProviderFactory();
assertEquals("hostname must be set to a URL when hostname-admin is set",
assertThrows(IllegalArgumentException.class, () -> factory.init(ScopeUtil.createScope(values))).getMessage());
}
private void assertHostname(String hostname, boolean valid) {
Map<String, String> values = new HashMap<>();
values.put("hostname", hostname);