KEYCLOAK-2900

This commit is contained in:
mposolda 2016-04-25 08:16:37 +02:00
parent 6c3d31dd4c
commit fa8b272e76


@ -81,8 +81,6 @@ public class WelcomeResource {
@Context @Context
private KeycloakSession session; private KeycloakSession session;
private String stateChecker;
public WelcomeResource(boolean bootstrap) { public WelcomeResource(boolean bootstrap) {
this.bootstrap = bootstrap; this.bootstrap = bootstrap;
} }
@ -119,8 +117,9 @@ public class WelcomeResource {
throw new WebApplicationException(Response.Status.BAD_REQUEST); throw new WebApplicationException(Response.Status.BAD_REQUEST);
} }
String stateChecker = formData.getFirst("stateChecker"); String cookieStateChecker = getCsrfCookie();
csrfCheck(stateChecker); String formStateChecker = formData.getFirst("stateChecker");
csrfCheck(cookieStateChecker, formStateChecker);
String username = formData.getFirst("username"); String username = formData.getFirst("username");
String password = formData.getFirst("password"); String password = formData.getFirst("password");
@ -181,10 +180,13 @@ public class WelcomeResource {
Map<String, Object> map = new HashMap<>(); Map<String, Object> map = new HashMap<>();
map.put("bootstrap", bootstrap); map.put("bootstrap", bootstrap);
if (bootstrap) { if (bootstrap) {
map.put("localUser", isLocal()); boolean isLocal = isLocal();
map.put("localUser", isLocal);
updateCsrfChecks(); if (isLocal) {
map.put("stateChecker", stateChecker); String stateChecker = updateCsrfChecks();
map.put("stateChecker", stateChecker);
}
} }
if (successMessage != null) { if (successMessage != null) {
map.put("successMessage", successMessage); map.put("successMessage", successMessage);
@ -230,20 +232,26 @@ public class WelcomeResource {
} }
} }
private void updateCsrfChecks() { private String updateCsrfChecks() {
Cookie cookie = headers.getCookies().get(KEYCLOAK_STATE_CHECKER); String stateChecker = getCsrfCookie();
if (cookie != null) { if (stateChecker != null) {
stateChecker = cookie.getValue(); return stateChecker;
} else { } else {
stateChecker = KeycloakModelUtils.generateSecret(); stateChecker = KeycloakModelUtils.generateSecret();
String cookiePath = uriInfo.getPath(); String cookiePath = uriInfo.getPath();
boolean secureOnly = uriInfo.getRequestUri().getScheme().equalsIgnoreCase("https"); boolean secureOnly = uriInfo.getRequestUri().getScheme().equalsIgnoreCase("https");
CookieHelper.addCookie(KEYCLOAK_STATE_CHECKER, stateChecker, cookiePath, null, null, -1, secureOnly, true); CookieHelper.addCookie(KEYCLOAK_STATE_CHECKER, stateChecker, cookiePath, null, null, -1, secureOnly, true);
return stateChecker;
} }
} }
private void csrfCheck(String stateChecker) { private String getCsrfCookie() {
if (!this.stateChecker.equals(stateChecker)) { Cookie cookie = headers.getCookies().get(KEYCLOAK_STATE_CHECKER);
return cookie==null ? null : cookie.getValue();
}
private void csrfCheck(String cookieStateChecker, String formStateChecker) {
if (cookieStateChecker == null || !cookieStateChecker.equals(formStateChecker)) {
throw new ForbiddenException(); throw new ForbiddenException();
} }
} }
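Review bot: The new csrfCheck compares the cookie token with the form token via `String.equals`, which short-circuits on the first mismatching character, so the comparison time leaks how much of the secret matched; for a value produced by `generateSecret()` the compare should be constant-time. I would write the condition as `if (cookieStateChecker == null || formStateChecker == null || !MessageDigest.isEqual(cookieStateChecker.getBytes(StandardCharsets.UTF_8), formStateChecker.getBytes(StandardCharsets.UTF_8))) {` (adding `java.security.MessageDigest` and `java.nio.charset.StandardCharsets` to the imports), keeping the explicit null checks since `formData.getFirst` may return null. The method also deserves a short Javadoc, e.g. `/** Double-submit CSRF check: the token echoed in the form must equal the token carried by the {@code KEYCLOAK_STATE_CHECKER} cookie; throws ForbiddenException if the cookie is absent or the values differ. */`. The enclosing WelcomeResource class continues outside the hunk.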