fix relative uri problem

This commit is contained in:
Bill Burke 2014-08-14 11:01:04 -04:00
parent 46bf0d78fa
commit cfee00d4c5
4 changed files with 24 additions and 10 deletions

View file

@ -1,4 +1,4 @@
<section> <section id="jboss-adapter">
<title>JBoss/Wildfly Adapter</title> <title>JBoss/Wildfly Adapter</title>
<para> <para>
To be able to secure WAR apps deployed on JBoss AS 7.1.1, JBoss EAP 6.x, or Wildfly, you must install and To be able to secure WAR apps deployed on JBoss AS 7.1.1, JBoss EAP 6.x, or Wildfly, you must install and
@ -7,7 +7,7 @@
to crack open your WARs at all and can apply Keycloak via the Keycloak Subsystem configuration in standalone.xml. to crack open your WARs at all and can apply Keycloak via the Keycloak Subsystem configuration in standalone.xml.
Both methods are described in this section. Both methods are described in this section.
</para> </para>
<section> <section id="jboss-adapter-installation">
<title>Adapter Installation</title> <title>Adapter Installation</title>
<para> <para>
This is a adapter zip file for AS7, EAP, and Wildfly in the <literal>adapters/</literal> directory in the Keycloak This is a adapter zip file for AS7, EAP, and Wildfly in the <literal>adapters/</literal> directory in the Keycloak

View file

@ -106,6 +106,11 @@ keycloak-war-dist-all-1.0-rc-1-SNAPSHOT/
$ cp -r configuration $JBOSS_HOME/standalone $ cp -r configuration $JBOSS_HOME/standalone
</programlisting> </programlisting>
</para> </para>
<para>
After these steps you should also <link linkend='jboss-adapter-installation'>install the client adapter</link>
as this may contain modules the server needs (like Bouncycastle). You will also need to install the adapter
to run the examples on the same server.
</para>
<para> <para>
After booting up the JBoss or Wildfly distro, you can then make sure it is installed properly After booting up the JBoss or Wildfly distro, you can then make sure it is installed properly
by logging into the admin console at<ulink by logging into the admin console at<ulink

View file

@ -1288,6 +1288,9 @@ public class TokenService {
valid = matchesRedirects(resolveValidRedirects, r); valid = matchesRedirects(resolveValidRedirects, r);
} }
if (valid && redirectUri.startsWith("/")) {
redirectUri = relativeToAbsoluteURI(uriInfo, redirectUri);
}
redirectUri = valid ? redirectUri : null; redirectUri = valid ? redirectUri : null;
} }
@ -1302,20 +1305,26 @@ public class TokenService {
// If the valid redirect URI is relative (no scheme, host, port) then use the request's scheme, host, and port // If the valid redirect URI is relative (no scheme, host, port) then use the request's scheme, host, and port
Set<String> resolveValidRedirects = new HashSet<String>(); Set<String> resolveValidRedirects = new HashSet<String>();
for (String validRedirect : validRedirects) { for (String validRedirect : validRedirects) {
resolveValidRedirects.add(validRedirect); // add even relative urls.
if (validRedirect.startsWith("/")) { if (validRedirect.startsWith("/")) {
URI baseUri = uriInfo.getBaseUri(); validRedirect = relativeToAbsoluteURI(uriInfo, validRedirect);
String uri = baseUri.getScheme() + "://" + baseUri.getHost();
if (baseUri.getPort() != -1) {
uri += ":" + baseUri.getPort();
}
validRedirect = uri + validRedirect;
logger.debugv("replacing relative valid redirect with: {0}", validRedirect); logger.debugv("replacing relative valid redirect with: {0}", validRedirect);
resolveValidRedirects.add(validRedirect);
} }
resolveValidRedirects.add(validRedirect);
} }
return resolveValidRedirects; return resolveValidRedirects;
} }
public static String relativeToAbsoluteURI(UriInfo uriInfo, String relative) {
URI baseUri = uriInfo.getBaseUri();
String uri = baseUri.getScheme() + "://" + baseUri.getHost();
if (baseUri.getPort() != -1) {
uri += ":" + baseUri.getPort();
}
relative = uri + relative;
return relative;
}
private boolean checkSsl() { private boolean checkSsl() {
if (uriInfo.getBaseUri().getScheme().equals("https")) { if (uriInfo.getBaseUri().getScheme().equals("https")) {
return true; return true;

View file

@ -149,7 +149,7 @@ public class RelativeUriAdapterTest {
// test logout // test logout
String logoutUri = TokenService.logoutUrl(UriBuilder.fromUri("http://localhost:8081/auth")) String logoutUri = TokenService.logoutUrl(UriBuilder.fromUri("http://localhost:8081/auth"))
.queryParam(OAuth2Constants.REDIRECT_URI, "http://localhost:8081/customer-portal").build("demo").toString(); .queryParam(OAuth2Constants.REDIRECT_URI, "/customer-portal").build("demo").toString();
driver.navigate().to(logoutUri); driver.navigate().to(logoutUri);
Assert.assertTrue(driver.getCurrentUrl().startsWith(LOGIN_URL)); Assert.assertTrue(driver.getCurrentUrl().startsWith(LOGIN_URL));
driver.navigate().to("http://localhost:8081/product-portal"); driver.navigate().to("http://localhost:8081/product-portal");