fix relative uri problem

Bill Burke 2014-08-14 11:01:04 -04:00
parent 46bf0d78fa
commit cfee00d4c5
4 changed files with 24 additions and 10 deletions


@ -1,4 +1,4 @@
<section>
<section id="jboss-adapter">
<title>JBoss/Wildfly Adapter</title>
<para>
To be able to secure WAR apps deployed on JBoss AS 7.1.1, JBoss EAP 6.x, or Wildfly, you must install and
@ -7,7 +7,7 @@
to crack open your WARs at all and can apply Keycloak via the Keycloak Subsystem configuration in standalone.xml.
Both methods are described in this section.
</para>
<section>
<section id="jboss-adapter-installation">
<title>Adapter Installation</title>
<para>
This is a adapter zip file for AS7, EAP, and Wildfly in the <literal>adapters/</literal> directory in the Keycloak


@ -106,6 +106,11 @@ keycloak-war-dist-all-1.0-rc-1-SNAPSHOT/
$ cp -r configuration $JBOSS_HOME/standalone
</programlisting>
</para>
<para>
After these steps you should also <link linkend='jboss-adapter-installation'>install the client adapter</link>
as this may contain modules the server needs (like Bouncycastle). You will also need to install the adapter
to run the examples on the same server.
</para>
<para>
After booting up the JBoss or Wildfly distro, you can then make sure it is installed properly
by logging into the admin console at<ulink


@ -1288,6 +1288,9 @@ public class TokenService {
valid = matchesRedirects(resolveValidRedirects, r);
}
if (valid && redirectUri.startsWith("/")) {
redirectUri = relativeToAbsoluteURI(uriInfo, redirectUri);
}
redirectUri = valid ? redirectUri : null;
}
@ -1302,20 +1305,26 @@ public class TokenService {
// If the valid redirect URI is relative (no scheme, host, port) then use the request's scheme, host, and port
Set<String> resolveValidRedirects = new HashSet<String>();
for (String validRedirect : validRedirects) {
resolveValidRedirects.add(validRedirect); // add even relative urls.
if (validRedirect.startsWith("/")) {
URI baseUri = uriInfo.getBaseUri();
String uri = baseUri.getScheme() + "://" + baseUri.getHost();
if (baseUri.getPort() != -1) {
uri += ":" + baseUri.getPort();
}
validRedirect = uri + validRedirect;
validRedirect = relativeToAbsoluteURI(uriInfo, validRedirect);
logger.debugv("replacing relative valid redirect with: {0}", validRedirect);
resolveValidRedirects.add(validRedirect);
}
resolveValidRedirects.add(validRedirect);
}
return resolveValidRedirects;
}
public static String relativeToAbsoluteURI(UriInfo uriInfo, String relative) {
URI baseUri = uriInfo.getBaseUri();
String uri = baseUri.getScheme() + "://" + baseUri.getHost();
if (baseUri.getPort() != -1) {
uri += ":" + baseUri.getPort();
}
relative = uri + relative;
return relative;
}
private boolean checkSsl() {
if (uriInfo.getBaseUri().getScheme().equals("https")) {
return true;
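Review bot: `relativeToAbsoluteURI` is public and static but never checks that `relative` begins with `/`, so it yields a same-host URL only because both callers in this section guard with `startsWith("/")`; any other value would be appended straight onto the authority. Because the result becomes a redirect target, the helper should enforce the precondition itself, e.g. `if (!relative.startsWith("/")) throw new IllegalArgumentException("expected a path starting with /");`, or be made private. The scheme, host and port come from `uriInfo.getBaseUri()`, which presumably reflects the incoming request, so a Javadoc on the helper should state that the resulting redirect is only as trustworthy as the request host and that the deployment has to pin or validate it. The method containing the first hunk starts outside the visible lines, so how `r` and `matchesRedirects` treat the now-included relative entries cannot be confirmed from here.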

View file

@ -149,7 +149,7 @@ public class RelativeUriAdapterTest {
// test logout
String logoutUri = TokenService.logoutUrl(UriBuilder.fromUri("http://localhost:8081/auth"))
.queryParam(OAuth2Constants.REDIRECT_URI, "http://localhost:8081/customer-portal").build("demo").toString();
.queryParam(OAuth2Constants.REDIRECT_URI, "/customer-portal").build("demo").toString();
driver.navigate().to(logoutUri);
Assert.assertTrue(driver.getCurrentUrl().startsWith(LOGIN_URL));
driver.navigate().to("http://localhost:8081/product-portal");