parent
743bb696d9
commit
e86bf1f0b2
4 changed files with 0 additions and 42 deletions
@ -21,7 +21,6 @@ import org.keycloak.common.Version;
import org.keycloak.headers.SecurityHeadersProvider;
import org.keycloak.headers.SecurityHeadersProvider;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.KeycloakSession;
import org.keycloak.services.util.CacheControlUtil;
import org.keycloak.services.util.CacheControlUtil;
import org.keycloak.services.util.P3PHelper;
import jakarta.ws.rs.core.CacheControl;
import jakarta.ws.rs.core.CacheControl;
import jakarta.ws.rs.core.Response;
import jakarta.ws.rs.core.Response;
@ -41,7 +40,6 @@ public class IframeUtil {
InputStream resource = IframeUtil.class.getResourceAsStream(fileName);
InputStream resource = IframeUtil.class.getResourceAsStream(fileName);
if (resource != null) {
if (resource != null) {
P3PHelper.addP3PHeader(session);
session.getProvider(SecurityHeadersProvider.class).options().allowAnyFrameAncestor();
session.getProvider(SecurityHeadersProvider.class).options().allowAnyFrameAncestor();
return Response.ok(resource).cacheControl(cacheControl).build();
return Response.ok(resource).cacheControl(cacheControl).build();
} else {
} else {
@ -84,7 +84,6 @@ import org.keycloak.services.resources.LoginActionsService;
import org.keycloak.services.resources.RealmsResource;
import org.keycloak.services.resources.RealmsResource;
import org.keycloak.services.util.AuthorizationContextUtil;
import org.keycloak.services.util.AuthorizationContextUtil;
import org.keycloak.services.util.CookieHelper;
import org.keycloak.services.util.CookieHelper;
import org.keycloak.services.util.P3PHelper;
import org.keycloak.sessions.AuthenticationSessionModel;
import org.keycloak.sessions.AuthenticationSessionModel;
import org.keycloak.sessions.CommonClientSessionModel;
import org.keycloak.sessions.CommonClientSessionModel;
import org.keycloak.sessions.RootAuthenticationSessionModel;
import org.keycloak.sessions.RootAuthenticationSessionModel;
@ -800,7 +799,6 @@ public class AuthenticationManager {
// Max age should be set to the max lifespan of the session as it's used to invalidate old-sessions on re-login
// Max age should be set to the max lifespan of the session as it's used to invalidate old-sessions on re-login
int sessionCookieMaxAge = session.isRememberMe() && realm.getSsoSessionMaxLifespanRememberMe() > 0 ? realm.getSsoSessionMaxLifespanRememberMe() : realm.getSsoSessionMaxLifespan();
int sessionCookieMaxAge = session.isRememberMe() && realm.getSsoSessionMaxLifespanRememberMe() > 0 ? realm.getSsoSessionMaxLifespanRememberMe() : realm.getSsoSessionMaxLifespan();
CookieHelper.addCookie(KEYCLOAK_SESSION_COOKIE, sessionCookieValue, cookiePath, null, null, sessionCookieMaxAge, secureOnly, false, SameSiteAttributeValue.NONE, keycloakSession);
CookieHelper.addCookie(KEYCLOAK_SESSION_COOKIE, sessionCookieValue, cookiePath, null, null, sessionCookieMaxAge, secureOnly, false, SameSiteAttributeValue.NONE, keycloakSession);
P3PHelper.addP3PHeader(keycloakSession);
}
}
public static void createRememberMeCookie(String username, UriInfo uriInfo, KeycloakSession session) {
public static void createRememberMeCookie(String username, UriInfo uriInfo, KeycloakSession session) {
@ -1,35 +0,0 @@
/*
* Copyright 2016 Red Hat, Inc. and/or its affiliates
* and other contributors as indicated by the @author tags.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.keycloak.services.util;
import org.keycloak.http.HttpResponse;
import org.keycloak.models.KeycloakSession;
/**
* IE requires P3P header to allow loading cookies from iframes when domain differs from main page (see KEYCLOAK-2828 for more details)
*
* @author <a href="mailto:sthorger@redhat.com">Stian Thorgersen</a>
*/
public class P3PHelper {
public static void addP3PHeader(KeycloakSession session) {
HttpResponse response = session.getContext().getHttpResponse();
response.setHeader("P3P", "CP=\"This is not a P3P policy!\"");
}
}
@ -88,8 +88,6 @@ public class LoginStatusIframeEndpointTest extends AbstractKeycloakTest {
response = client.execute(post);
response = client.execute(post);
assertEquals("CP=\"This is not a P3P policy!\"", response.getFirstHeader("P3P").getValue());
Header setIdentityCookieHeader = null;
Header setIdentityCookieHeader = null;
Header setSessionCookieHeader = null;
Header setSessionCookieHeader = null;
for (Header h : response.getAllHeaders()) {
for (Header h : response.getAllHeaders()) {
@ -123,7 +121,6 @@ public class LoginStatusIframeEndpointTest extends AbstractKeycloakTest {
response = client.execute(get);
response = client.execute(get);
assertEquals(200, response.getStatusLine().getStatusCode());
assertEquals(200, response.getStatusLine().getStatusCode());
assertEquals("CP=\"This is not a P3P policy!\"", response.getFirstHeader("P3P").getValue());
assertNull(response.getFirstHeader(BrowserSecurityHeaders.X_FRAME_OPTIONS.getHeaderName()));
assertNull(response.getFirstHeader(BrowserSecurityHeaders.X_FRAME_OPTIONS.getHeaderName()));
assertEquals("frame-src 'self'; object-src 'none';", response.getFirstHeader(BrowserSecurityHeaders.CONTENT_SECURITY_POLICY.getHeaderName()).getValue());
assertEquals("frame-src 'self'; object-src 'none';", response.getFirstHeader(BrowserSecurityHeaders.CONTENT_SECURITY_POLICY.getHeaderName()).getValue());
assertEquals("none", response.getFirstHeader(BrowserSecurityHeaders.X_ROBOTS_TAG.getHeaderName()).getValue());
assertEquals("none", response.getFirstHeader(BrowserSecurityHeaders.X_ROBOTS_TAG.getHeaderName()).getValue());