You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cxf.apache.org by se...@apache.org on 2016/07/26 14:08:14 UTC

cxf git commit: Optional inclusion of the request URI during the redirect in OidcRpAuthenticationFilter

Repository: cxf
Updated Branches:
  refs/heads/master d2be1f3b0 -> f5e753380


Optional inclusion of the request URI during the redirect in OidcRpAuthenticationFilter


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/f5e75338
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/f5e75338
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/f5e75338

Branch: refs/heads/master
Commit: f5e7533806e908bd79227b29b34cc8f15c0977e3
Parents: d2be1f3
Author: Sergey Beryozkin <sb...@gmail.com>
Authored: Tue Jul 26 17:07:58 2016 +0300
Committer: Sergey Beryozkin <sb...@gmail.com>
Committed: Tue Jul 26 17:07:58 2016 +0300

----------------------------------------------------------------------
 .../oidc/rp/OidcRpAuthenticationFilter.java       | 18 +++++++++++++-----
 .../oidc/rp/OidcRpAuthenticationService.java      |  3 ++-
 2 files changed, 15 insertions(+), 6 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf/blob/f5e75338/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/OidcRpAuthenticationFilter.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/OidcRpAuthenticationFilter.java b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/OidcRpAuthenticationFilter.java
index 4ef706f..569b798 100644
--- a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/OidcRpAuthenticationFilter.java
+++ b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/OidcRpAuthenticationFilter.java
@@ -54,21 +54,25 @@ public class OidcRpAuthenticationFilter implements ContainerRequestFilter {
     private ClientTokenContextManager stateManager;
     private String redirectUri;
     private String roleClaim;
+    private boolean addRequestUriAsRedirectQuery;
     
     public void filter(ContainerRequestContext rc) {
         if (checkSecurityContext(rc)) {
             return;
         } else if (redirectUri != null) {
-            URI redirectAddress = null;
+            UriBuilder redirectBuilder = null;
             if (redirectUri.startsWith("/")) {
                 String basePath = (String)mc.get("http.base.path");
-                redirectAddress = UriBuilder.fromUri(basePath).path(redirectUri).build();
+                redirectBuilder = UriBuilder.fromUri(basePath).path(redirectUri);
             } else if (redirectUri.startsWith("http")) {
-                redirectAddress = URI.create(redirectUri);
+                redirectBuilder = UriBuilder.fromUri(URI.create(redirectUri));
             } else {
-                UriBuilder ub = rc.getUriInfo().getBaseUriBuilder().path(redirectUri);
-                redirectAddress = ub.build();
+                redirectBuilder = rc.getUriInfo().getBaseUriBuilder().path(redirectUri);
             }
+            if (addRequestUriAsRedirectQuery) {
+                redirectBuilder.queryParam("state", rc.getUriInfo().getRequestUri().toString());
+            }
+            URI redirectAddress = redirectBuilder.build();
             rc.abortWith(Response.seeOther(redirectAddress)
                            .header(HttpHeaders.CACHE_CONTROL, "no-cache, no-store")
                            .header("Pragma", "no-cache") 
@@ -124,4 +128,8 @@ public class OidcRpAuthenticationFilter implements ContainerRequestFilter {
     public void setRoleClaim(String roleClaim) {
         this.roleClaim = roleClaim;
     }
+    
+    public void setAddRequestUriAsRedirectQuery(boolean addRequestUriAsRedirectQuery) {
+        this.addRequestUriAsRedirectQuery = addRequestUriAsRedirectQuery;
+    }
 }

http://git-wip-us.apache.org/repos/asf/cxf/blob/f5e75338/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/OidcRpAuthenticationService.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/OidcRpAuthenticationService.java b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/OidcRpAuthenticationService.java
index 39c7b7b..e417035 100644
--- a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/OidcRpAuthenticationService.java
+++ b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/OidcRpAuthenticationService.java
@@ -30,6 +30,7 @@ import javax.ws.rs.core.MultivaluedMap;
 import javax.ws.rs.core.Response;
 import javax.ws.rs.core.UriBuilder;
 
+import org.apache.cxf.common.util.UrlUtils;
 import org.apache.cxf.jaxrs.ext.MessageContext;
 import org.apache.cxf.rs.security.oauth2.client.ClientTokenContextManager;
 
@@ -61,7 +62,7 @@ public class OidcRpAuthenticationService {
             String basePath = (String)mc.get("http.base.path");
             redirectUri = UriBuilder.fromUri(basePath).path(defaultLocation).build();
         } else if (location != null) {
-            redirectUri = URI.create(location);
+            redirectUri = URI.create(UrlUtils.urlDecode(location));
         }
         if (redirectUri != null) {
             return Response.seeOther(redirectUri).build();