You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cxf.apache.org by se...@apache.org on 2016/07/26 14:08:14 UTC
cxf git commit: Optional inclusion of the request URI during the
redirect in OidcRpAuthenticationFilter
Repository: cxf
Updated Branches:
refs/heads/master d2be1f3b0 -> f5e753380
Optional inclusion of the request URI during the redirect in OidcRpAuthenticationFilter
Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/f5e75338
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/f5e75338
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/f5e75338
Branch: refs/heads/master
Commit: f5e7533806e908bd79227b29b34cc8f15c0977e3
Parents: d2be1f3
Author: Sergey Beryozkin <sb...@gmail.com>
Authored: Tue Jul 26 17:07:58 2016 +0300
Committer: Sergey Beryozkin <sb...@gmail.com>
Committed: Tue Jul 26 17:07:58 2016 +0300
----------------------------------------------------------------------
.../oidc/rp/OidcRpAuthenticationFilter.java | 18 +++++++++++++-----
.../oidc/rp/OidcRpAuthenticationService.java | 3 ++-
2 files changed, 15 insertions(+), 6 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cxf/blob/f5e75338/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/OidcRpAuthenticationFilter.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/OidcRpAuthenticationFilter.java b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/OidcRpAuthenticationFilter.java
index 4ef706f..569b798 100644
--- a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/OidcRpAuthenticationFilter.java
+++ b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/OidcRpAuthenticationFilter.java
@@ -54,21 +54,25 @@ public class OidcRpAuthenticationFilter implements ContainerRequestFilter {
private ClientTokenContextManager stateManager;
private String redirectUri;
private String roleClaim;
+ private boolean addRequestUriAsRedirectQuery;
public void filter(ContainerRequestContext rc) {
if (checkSecurityContext(rc)) {
return;
} else if (redirectUri != null) {
- URI redirectAddress = null;
+ UriBuilder redirectBuilder = null;
if (redirectUri.startsWith("/")) {
String basePath = (String)mc.get("http.base.path");
- redirectAddress = UriBuilder.fromUri(basePath).path(redirectUri).build();
+ redirectBuilder = UriBuilder.fromUri(basePath).path(redirectUri);
} else if (redirectUri.startsWith("http")) {
- redirectAddress = URI.create(redirectUri);
+ redirectBuilder = UriBuilder.fromUri(URI.create(redirectUri));
} else {
- UriBuilder ub = rc.getUriInfo().getBaseUriBuilder().path(redirectUri);
- redirectAddress = ub.build();
+ redirectBuilder = rc.getUriInfo().getBaseUriBuilder().path(redirectUri);
}
+ if (addRequestUriAsRedirectQuery) {
+ redirectBuilder.queryParam("state", rc.getUriInfo().getRequestUri().toString());
+ }
+ URI redirectAddress = redirectBuilder.build();
rc.abortWith(Response.seeOther(redirectAddress)
.header(HttpHeaders.CACHE_CONTROL, "no-cache, no-store")
.header("Pragma", "no-cache")
@@ -124,4 +128,8 @@ public class OidcRpAuthenticationFilter implements ContainerRequestFilter {
public void setRoleClaim(String roleClaim) {
this.roleClaim = roleClaim;
}
+
+ public void setAddRequestUriAsRedirectQuery(boolean addRequestUriAsRedirectQuery) {
+ this.addRequestUriAsRedirectQuery = addRequestUriAsRedirectQuery;
+ }
}
http://git-wip-us.apache.org/repos/asf/cxf/blob/f5e75338/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/OidcRpAuthenticationService.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/OidcRpAuthenticationService.java b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/OidcRpAuthenticationService.java
index 39c7b7b..e417035 100644
--- a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/OidcRpAuthenticationService.java
+++ b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/OidcRpAuthenticationService.java
@@ -30,6 +30,7 @@ import javax.ws.rs.core.MultivaluedMap;
import javax.ws.rs.core.Response;
import javax.ws.rs.core.UriBuilder;
+import org.apache.cxf.common.util.UrlUtils;
import org.apache.cxf.jaxrs.ext.MessageContext;
import org.apache.cxf.rs.security.oauth2.client.ClientTokenContextManager;
@@ -61,7 +62,7 @@ public class OidcRpAuthenticationService {
String basePath = (String)mc.get("http.base.path");
redirectUri = UriBuilder.fromUri(basePath).path(defaultLocation).build();
} else if (location != null) {
- redirectUri = URI.create(location);
+ redirectUri = URI.create(UrlUtils.urlDecode(location));
}
if (redirectUri != null) {
return Response.seeOther(redirectUri).build();