fix relative uri problem
This commit is contained in:
parent
46bf0d78fa
commit
cfee00d4c5
4 changed files with 24 additions and 10 deletions
|
@ -1,4 +1,4 @@
|
||||||
<section>
|
<section id="jboss-adapter">
|
||||||
<title>JBoss/Wildfly Adapter</title>
|
<title>JBoss/Wildfly Adapter</title>
|
||||||
<para>
|
<para>
|
||||||
To be able to secure WAR apps deployed on JBoss AS 7.1.1, JBoss EAP 6.x, or Wildfly, you must install and
|
To be able to secure WAR apps deployed on JBoss AS 7.1.1, JBoss EAP 6.x, or Wildfly, you must install and
|
||||||
|
@ -7,7 +7,7 @@
|
||||||
to crack open your WARs at all and can apply Keycloak via the Keycloak Subsystem configuration in standalone.xml.
|
to crack open your WARs at all and can apply Keycloak via the Keycloak Subsystem configuration in standalone.xml.
|
||||||
Both methods are described in this section.
|
Both methods are described in this section.
|
||||||
</para>
|
</para>
|
||||||
<section>
|
<section id="jboss-adapter-installation">
|
||||||
<title>Adapter Installation</title>
|
<title>Adapter Installation</title>
|
||||||
<para>
|
<para>
|
||||||
This is a adapter zip file for AS7, EAP, and Wildfly in the <literal>adapters/</literal> directory in the Keycloak
|
This is a adapter zip file for AS7, EAP, and Wildfly in the <literal>adapters/</literal> directory in the Keycloak
|
||||||
|
|
|
@ -106,6 +106,11 @@ keycloak-war-dist-all-1.0-rc-1-SNAPSHOT/
|
||||||
$ cp -r configuration $JBOSS_HOME/standalone
|
$ cp -r configuration $JBOSS_HOME/standalone
|
||||||
</programlisting>
|
</programlisting>
|
||||||
</para>
|
</para>
|
||||||
|
<para>
|
||||||
|
After these steps you should also <link linkend='jboss-adapter-installation'>install the client adapter</link>
|
||||||
|
as this may contain modules the server needs (like Bouncycastle). You will also need to install the adapter
|
||||||
|
to run the examples on the same server.
|
||||||
|
</para>
|
||||||
<para>
|
<para>
|
||||||
After booting up the JBoss or Wildfly distro, you can then make sure it is installed properly
|
After booting up the JBoss or Wildfly distro, you can then make sure it is installed properly
|
||||||
by logging into the admin console at<ulink
|
by logging into the admin console at<ulink
|
||||||
|
|
|
@ -1288,6 +1288,9 @@ public class TokenService {
|
||||||
|
|
||||||
valid = matchesRedirects(resolveValidRedirects, r);
|
valid = matchesRedirects(resolveValidRedirects, r);
|
||||||
}
|
}
|
||||||
|
if (valid && redirectUri.startsWith("/")) {
|
||||||
|
redirectUri = relativeToAbsoluteURI(uriInfo, redirectUri);
|
||||||
|
}
|
||||||
redirectUri = valid ? redirectUri : null;
|
redirectUri = valid ? redirectUri : null;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -1302,20 +1305,26 @@ public class TokenService {
|
||||||
// If the valid redirect URI is relative (no scheme, host, port) then use the request's scheme, host, and port
|
// If the valid redirect URI is relative (no scheme, host, port) then use the request's scheme, host, and port
|
||||||
Set<String> resolveValidRedirects = new HashSet<String>();
|
Set<String> resolveValidRedirects = new HashSet<String>();
|
||||||
for (String validRedirect : validRedirects) {
|
for (String validRedirect : validRedirects) {
|
||||||
|
resolveValidRedirects.add(validRedirect); // add even relative urls.
|
||||||
if (validRedirect.startsWith("/")) {
|
if (validRedirect.startsWith("/")) {
|
||||||
URI baseUri = uriInfo.getBaseUri();
|
validRedirect = relativeToAbsoluteURI(uriInfo, validRedirect);
|
||||||
String uri = baseUri.getScheme() + "://" + baseUri.getHost();
|
|
||||||
if (baseUri.getPort() != -1) {
|
|
||||||
uri += ":" + baseUri.getPort();
|
|
||||||
}
|
|
||||||
validRedirect = uri + validRedirect;
|
|
||||||
logger.debugv("replacing relative valid redirect with: {0}", validRedirect);
|
logger.debugv("replacing relative valid redirect with: {0}", validRedirect);
|
||||||
|
resolveValidRedirects.add(validRedirect);
|
||||||
}
|
}
|
||||||
resolveValidRedirects.add(validRedirect);
|
|
||||||
}
|
}
|
||||||
return resolveValidRedirects;
|
return resolveValidRedirects;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public static String relativeToAbsoluteURI(UriInfo uriInfo, String relative) {
|
||||||
|
URI baseUri = uriInfo.getBaseUri();
|
||||||
|
String uri = baseUri.getScheme() + "://" + baseUri.getHost();
|
||||||
|
if (baseUri.getPort() != -1) {
|
||||||
|
uri += ":" + baseUri.getPort();
|
||||||
|
}
|
||||||
|
relative = uri + relative;
|
||||||
|
return relative;
|
||||||
|
}
|
||||||
|
|
||||||
private boolean checkSsl() {
|
private boolean checkSsl() {
|
||||||
if (uriInfo.getBaseUri().getScheme().equals("https")) {
|
if (uriInfo.getBaseUri().getScheme().equals("https")) {
|
||||||
return true;
|
return true;
|
||||||
|
|
|
@ -149,7 +149,7 @@ public class RelativeUriAdapterTest {
|
||||||
// test logout
|
// test logout
|
||||||
|
|
||||||
String logoutUri = TokenService.logoutUrl(UriBuilder.fromUri("http://localhost:8081/auth"))
|
String logoutUri = TokenService.logoutUrl(UriBuilder.fromUri("http://localhost:8081/auth"))
|
||||||
.queryParam(OAuth2Constants.REDIRECT_URI, "http://localhost:8081/customer-portal").build("demo").toString();
|
.queryParam(OAuth2Constants.REDIRECT_URI, "/customer-portal").build("demo").toString();
|
||||||
driver.navigate().to(logoutUri);
|
driver.navigate().to(logoutUri);
|
||||||
Assert.assertTrue(driver.getCurrentUrl().startsWith(LOGIN_URL));
|
Assert.assertTrue(driver.getCurrentUrl().startsWith(LOGIN_URL));
|
||||||
driver.navigate().to("http://localhost:8081/product-portal");
|
driver.navigate().to("http://localhost:8081/product-portal");
|
||||||
|
|
Loading…
Reference in a new issue