fix relative uri problem
parent
46bf0d78fa
commit
cfee00d4c5
4 changed files with 24 additions and 10 deletions
|
@ -1,4 +1,4 @@
|
|||
<section>
|
||||
<section id="jboss-adapter">
|
||||
<title>JBoss/Wildfly Adapter</title>
|
||||
<para>
|
||||
To be able to secure WAR apps deployed on JBoss AS 7.1.1, JBoss EAP 6.x, or Wildfly, you must install and
|
||||
|
@ -7,7 +7,7 @@
|
|||
to crack open your WARs at all and can apply Keycloak via the Keycloak Subsystem configuration in standalone.xml.
|
||||
Both methods are described in this section.
|
||||
</para>
|
||||
<section>
|
||||
<section id="jboss-adapter-installation">
|
||||
<title>Adapter Installation</title>
|
||||
<para>
|
||||
This is a adapter zip file for AS7, EAP, and Wildfly in the <literal>adapters/</literal> directory in the Keycloak
|
||||
|
|
|
@ -106,6 +106,11 @@ keycloak-war-dist-all-1.0-rc-1-SNAPSHOT/
|
|||
$ cp -r configuration $JBOSS_HOME/standalone
|
||||
</programlisting>
|
||||
</para>
|
||||
<para>
|
||||
After these steps you should also <link linkend='jboss-adapter-installation'>install the client adapter</link>
|
||||
as this may contain modules the server needs (like Bouncycastle). You will also need to install the adapter
|
||||
to run the examples on the same server.
|
||||
</para>
|
||||
<para>
|
||||
After booting up the JBoss or Wildfly distro, you can then make sure it is installed properly
|
||||
by logging into the admin console at<ulink
|
||||
|
|
|
@ -1288,6 +1288,9 @@ public class TokenService {
|
|||
|
||||
valid = matchesRedirects(resolveValidRedirects, r);
|
||||
}
|
||||
if (valid && redirectUri.startsWith("/")) {
|
||||
redirectUri = relativeToAbsoluteURI(uriInfo, redirectUri);
|
||||
}
|
||||
redirectUri = valid ? redirectUri : null;
|
||||
}
|
||||
|
||||
|
@ -1302,20 +1305,26 @@ public class TokenService {
|
|||
// If the valid redirect URI is relative (no scheme, host, port) then use the request's scheme, host, and port
|
||||
Set<String> resolveValidRedirects = new HashSet<String>();
|
||||
for (String validRedirect : validRedirects) {
|
||||
resolveValidRedirects.add(validRedirect); // add even relative urls.
|
||||
if (validRedirect.startsWith("/")) {
|
||||
URI baseUri = uriInfo.getBaseUri();
|
||||
String uri = baseUri.getScheme() + "://" + baseUri.getHost();
|
||||
if (baseUri.getPort() != -1) {
|
||||
uri += ":" + baseUri.getPort();
|
||||
}
|
||||
validRedirect = uri + validRedirect;
|
||||
validRedirect = relativeToAbsoluteURI(uriInfo, validRedirect);
|
||||
logger.debugv("replacing relative valid redirect with: {0}", validRedirect);
|
||||
resolveValidRedirects.add(validRedirect);
|
||||
}
|
||||
resolveValidRedirects.add(validRedirect);
|
||||
}
|
||||
return resolveValidRedirects;
|
||||
}
|
||||
|
||||
public static String relativeToAbsoluteURI(UriInfo uriInfo, String relative) {
|
||||
URI baseUri = uriInfo.getBaseUri();
|
||||
String uri = baseUri.getScheme() + "://" + baseUri.getHost();
|
||||
if (baseUri.getPort() != -1) {
|
||||
uri += ":" + baseUri.getPort();
|
||||
}
|
||||
relative = uri + relative;
|
||||
return relative;
|
||||
}
|
||||
|
||||
private boolean checkSsl() {
|
||||
if (uriInfo.getBaseUri().getScheme().equals("https")) {
|
||||
return true;
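Review bot: `relativeToAbsoluteURI` is declared `public static` but never checks that `relative` begins with `/`; it appends the string directly to `scheme://host[:port]`. Both call sites in this section test `startsWith("/")` first, but a later caller that skips the test could produce a URI whose authority is no longer the base host. An explicit guard at the top of the helper would make the precondition enforceable: `if (!relative.startsWith("/")) throw new IllegalArgumentException("not a relative path: " + relative);`. Separately, the scheme, host and port come from `uriInfo.getBaseUri()`, which presumably reflects the incoming request, so it is worth confirming that proxied deployments pin or validate the Host header before the resolved redirect is trusted. The redirect-verification method that contains the first hunk starts outside the visible lines.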
|
||||
|
|
|
@ -149,7 +149,7 @@ public class RelativeUriAdapterTest {
|
|||
// test logout
|
||||
|
||||
String logoutUri = TokenService.logoutUrl(UriBuilder.fromUri("http://localhost:8081/auth"))
|
||||
.queryParam(OAuth2Constants.REDIRECT_URI, "http://localhost:8081/customer-portal").build("demo").toString();
|
||||
.queryParam(OAuth2Constants.REDIRECT_URI, "/customer-portal").build("demo").toString();
|
||||
driver.navigate().to(logoutUri);
|
||||
Assert.assertTrue(driver.getCurrentUrl().startsWith(LOGIN_URL));
|
||||
driver.navigate().to("http://localhost:8081/product-portal");
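Review bot: The logout step in this hunk appears to swap the absolute `redirect_uri` for the relative `/customer-portal` rather than testing both, so the absolute form seems to lose its coverage here. There is also no negative case: nothing in the visible lines asserts that a relative path outside the client's valid redirects is refused. Because this commit changes redirect validation, consider keeping the absolute-URI logout check alongside the relative one and adding a case that uses an unregistered relative path and asserts the browser is not sent there. The test method starts and ends outside the hunk.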
|
||||
|
|