From b62e6e2751b1f9e1d46548f157738bacf08e8e30 Mon Sep 17 00:00:00 2001
From: mposolda
Date: Tue, 18 Oct 2016 16:57:06 +0200
Subject: [PATCH] KEYCLOAK-3653 CORS headers not sent in certs endpoint
---
 .../src/main/webapp/index.html | 17 +++++++++++++---
 .../src/main/webapp/js/app.js | 9 +++++++--
 .../oidc/OIDCLoginProtocolService.java | 20 +++++++++++++++++--
 .../services/resources/RealmsResource.java | 11 +++++++++-
 4 files changed, 49 insertions(+), 8 deletions(-)
diff --git a/examples/cors/angular-product-app/src/main/webapp/index.html b/examples/cors/angular-product-app/src/main/webapp/index.html
index 462745232d..3ba134492e 100755
--- a/examples/cors/angular-product-app/src/main/webapp/index.html
+++ b/examples/cors/angular-product-app/src/main/webapp/index.html
@@ -92,9 +92,20 @@

Realm info

-
- Realm name: {{realm.realm}}
- Public key: {{realm.public_key}}
+
+ Realm issuer: {{realmOIDCInfo.issuer}}
+ + + + + + + + + + + +
Public Key KIDs
{{pk.kid}}

diff --git a/examples/cors/angular-product-app/src/main/webapp/js/app.js b/examples/cors/angular-product-app/src/main/webapp/js/app.js
index 70db67e77e..5ddf077c65 100755
--- a/examples/cors/angular-product-app/src/main/webapp/js/app.js
+++ b/examples/cors/angular-product-app/src/main/webapp/js/app.js
@@ -87,8 +87,13 @@ module.controller('GlobalCtrl', function($scope, $http) {
 };
 $scope.loadPublicRealmInfo = function() {
- $http.get("http://localhost-auth:8080/auth/realms/cors").success(function(data) {
- $scope.realm = angular.fromJson(data);
+ $http.get("http://localhost-auth:8080/auth/realms/cors/.well-known/openid-configuration").success(function(data) {
+ $scope.realmOIDCInfo = angular.fromJson(data);
+
+ var jwksUri = $scope.realmOIDCInfo.jwks_uri;
+ $http.get(jwksUri).success(function(data) {
+ $scope.publicKeys = angular.fromJson(data);
+ });
 });
 };
diff --git a/services/src/main/java/org/keycloak/protocol/oidc/OIDCLoginProtocolService.java b/services/src/main/java/org/keycloak/protocol/oidc/OIDCLoginProtocolService.java
index 2c983edf3d..b07f06a5a4 100644
--- a/services/src/main/java/org/keycloak/protocol/oidc/OIDCLoginProtocolService.java
+++ b/services/src/main/java/org/keycloak/protocol/oidc/OIDCLoginProtocolService.java
@@ -18,6 +18,7 @@ package org.keycloak.protocol.oidc;
 import org.jboss.resteasy.annotations.cache.NoCache;
+import org.jboss.resteasy.spi.HttpRequest;
 import org.jboss.resteasy.spi.ResteasyProviderFactory;
 import org.keycloak.events.EventBuilder;
 import org.keycloak.forms.login.LoginFormsProvider;
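Review bot: The nested `$http.get(jwksUri)` in `loadPublicRealmInfo` has no failure path: both `.success` callbacks silently leave `$scope.realmOIDCInfo` and `$scope.publicKeys` undefined when the discovery or JWKS request fails (for example when the CORS preflight this patch is adding is rejected), so the page renders nothing and gives no hint why. Attach `.error(function(data, status) { ... })` handlers that surface the status, in whatever style the other controllers in this file use. The `jwks_uri` is also followed verbatim from a discovery document fetched over plain `http://localhost-auth:8080`; that is acceptable for a local example, but a short comment such as `// example only: real clients fetch discovery over TLS and should only follow a jwks_uri on the issuer's origin` would keep the snippet from being copied as-is.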
@@ -32,9 +33,12 @@ import org.keycloak.protocol.oidc.endpoints.LoginStatusIframeEndpoint;
 import org.keycloak.protocol.oidc.endpoints.LogoutEndpoint;
 import org.keycloak.protocol.oidc.endpoints.TokenEndpoint;
 import org.keycloak.protocol.oidc.endpoints.UserInfoEndpoint;
+import org.keycloak.services.resources.Cors;
 import org.keycloak.services.resources.RealmsResource;
+import org.keycloak.services.util.CacheControlUtil;
 import javax.ws.rs.GET;
+import javax.ws.rs.OPTIONS;
 import javax.ws.rs.Path;
 import javax.ws.rs.Produces;
 import javax.ws.rs.QueryParam;
@@ -67,6 +71,9 @@ public class OIDCLoginProtocolService {
 @Context
 private HttpHeaders headers;
+ @Context
+ private HttpRequest request;
+
 public OIDCLoginProtocolService(RealmModel realm, EventBuilder event) {
 this.realm = realm;
 this.tokenManager = new TokenManager();
@@ -168,11 +175,18 @@ public class OIDCLoginProtocolService {
 return endpoint;
 }
+ @OPTIONS
+ @Path("certs")
+ @Produces(MediaType.APPLICATION_JSON)
+ public Response getVersionPreflight() {
+ return Cors.add(request, Response.ok()).allowedMethods("GET").preflight().auth().build();
+ }
+
 @GET
 @Path("certs")
 @Produces(MediaType.APPLICATION_JSON)
 @NoCache
- public JSONWebKeySet certs() {
+ public Response certs() {
 List publicKeys = session.keys().getKeys(realm, false);
 JWK[] keys = new JWK[publicKeys.size()];
@@ -183,7 +197,9 @@ public class OIDCLoginProtocolService {
 JSONWebKeySet keySet = new JSONWebKeySet();
 keySet.setKeys(keys);
- return keySet;
+
+ Response.ResponseBuilder responseBuilder = Response.ok(keySet).cacheControl(CacheControlUtil.getDefaultCacheControl());
+ return Cors.add(request, responseBuilder).allowedOrigins("*").auth().build();
 }
 @Path("userinfo")
diff --git a/services/src/main/java/org/keycloak/services/resources/RealmsResource.java b/services/src/main/java/org/keycloak/services/resources/RealmsResource.java
index f30665be8b..3ee7938cef 100755
--- a/services/src/main/java/org/keycloak/services/resources/RealmsResource.java
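Review bot: `certs()` now sets an explicit `cacheControl(CacheControlUtil.getDefaultCacheControl())` on the response while the method keeps its `@NoCache` annotation, so two sources compete for the `Cache-Control` header and which one wins depends on RESTEasy's filter ordering rather than on anything in this file. If the intent is to let clients cache the key set (reasonable, since `kid` disambiguates rotated keys and the well-known endpoint uses the same default), drop `@NoCache`; if not, drop the `cacheControl(...)` call — but do not ship both. Separately, `.auth()` on a response that already uses `allowedOrigins("*")` looks unnecessary for a public, credential-independent JWKS: if `auth()` emits `Access-Control-Allow-Credentials: true` as its name suggests, the endpoint advertises credentialed cross-origin access from any origin, which is the pattern reviewers flag even when the body is public, so either confirm the example SPA needs it and say so in a comment or remove it. Also the preflight handler is named `getVersionPreflight()` although it serves `certs`; `certsPreflight()` would read correctly.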
+++ b/services/src/main/java/org/keycloak/services/resources/RealmsResource.java
@@ -40,6 +40,7 @@ import org.keycloak.wellknown.WellKnownProvider;
 import javax.ws.rs.GET;
 import javax.ws.rs.NotFoundException;
+import javax.ws.rs.OPTIONS;
 import javax.ws.rs.Path;
 import javax.ws.rs.PathParam;
 import javax.ws.rs.Produces;
@@ -240,6 +241,14 @@ public class RealmsResource {
 return brokerService;
 }
+ @OPTIONS
+ @Path("{realm}/.well-known/{provider}")
+ @Produces(MediaType.APPLICATION_JSON)
+ public Response getVersionPreflight(final @PathParam("realm") String name,
+ final @PathParam("provider") String providerName) {
+ return Cors.add(request, Response.ok()).allowedMethods("GET").preflight().auth().build();
+ }
+
 @GET
 @Path("{realm}/.well-known/{provider}")
 @Produces(MediaType.APPLICATION_JSON)
@@ -250,7 +259,7 @@ public class RealmsResource {
 WellKnownProvider wellKnown = session.getProvider(WellKnownProvider.class, providerName);
 ResponseBuilder responseBuilder = Response.ok(wellKnown.getConfig()).cacheControl(CacheControlUtil.getDefaultCacheControl());
- return Cors.add(request, responseBuilder).allowedOrigins("*").build();
+ return Cors.add(request, responseBuilder).allowedOrigins("*").auth().build();
 }
 @Path("{realm}/authz")
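Review bot: The new `getVersionPreflight(name, providerName)` declares two `@PathParam`s it never reads and is named after an unrelated endpoint; `wellKnownPreflight()` with no parameters (or with a one-line comment that the params exist only so the route matches) would be clearer and avoids the copy-paste look. The `.auth()` added to the GET response in the last hunk deserves a comment too: the well-known document is public and does not vary by caller, so if `auth()` adds `Access-Control-Allow-Credentials: true` as its name suggests it is only justified when the calling page sends credentials, and `// auth(): the example SPA calls with credentials; the document itself is public and origin-independent` would record that reasoning for the next reader. The method containing that last hunk starts outside the hunk, so whether it also carries `@NoCache` (which would conflict with the explicit `cacheControl(...)`) cannot be checked here.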