libre.sh/keycloak-scim
3
0
Fork 0
Code Issues 15 Pull requests Releases 1 Packages Activity Actions

Merge pull request #1874 from stianst/KEYCLOAK-2134-IFRAME

Browse source 
KEYCLOAK-2134 login-status-iframe.html without any parameter throws 5…
This commit is contained in:
Stian Thorgersen 2015-11-26 08:19:28 +01:00
commit e764461b1a
1 changed files with 9 additions and 4 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

13
services/src/main/java/org/keycloak/protocol/oidc/endpoints/LoginStatusIframeEndpoint.java
View file

@ -12,6 +12,7 @@ import org.keycloak.common.util.UriUtils;
import javax.ws.rs.GET;
import javax.ws.rs.Produces;
import javax.ws.rs.QueryParam;
import javax.ws.rs.WebApplicationException;
import javax.ws.rs.core.CacheControl;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.MediaType;
@ -38,13 +39,17 @@ public class LoginStatusIframeEndpoint {
@Produces(MediaType.TEXT_HTML)
public Response getLoginStatusIframe(@QueryParam("client_id") String client_id,
@QueryParam("origin") String origin) {
if (client_id == null || origin == null) {
throw new WebApplicationException(Response.Status.BAD_REQUEST);
}
if (!UriUtils.isOrigin(origin)) {
throw new BadRequestException("Invalid origin");
throw new WebApplicationException(Response.Status.BAD_REQUEST);
}
ClientModel client = realm.getClientByClientId(client_id);
if (client == null) {
throw new NotFoundException("could not find client");
throw new WebApplicationException(Response.Status.BAD_REQUEST);
}
InputStream is = getClass().getClassLoader().getResourceAsStream("login-status-iframe.html");
@ -71,7 +76,7 @@ public class LoginStatusIframeEndpoint {
}
if (!valid) {
throw new BadRequestException("Invalid origin");
throw new WebApplicationException(Response.Status.BAD_REQUEST);
}
try {
@ -84,7 +89,7 @@ public class LoginStatusIframeEndpoint {
return Response.ok(file).cacheControl(cacheControl).build();
} catch (IOException e) {
throw new RuntimeException(e);
throw new WebApplicationException(e, Response.Status.BAD_REQUEST);
}
}