Posted to commits@cxf.apache.org by se...@apache.org on 2015/11/16 14:43:21 UTC
[2/2] cxf git commit: Update to the redirect_uri validation code
Update to the redirect_uri validation code
Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/d2ed88cc
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/d2ed88cc
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/d2ed88cc
Branch: refs/heads/3.1.x-fixes
Commit: d2ed88ccb247d4105de34a5b675c0fc198795209
Parents: ed04211
Author: Sergey Beryozkin <sb...@gmail.com>
Authored: Mon Nov 16 13:40:04 2015 +0000
Committer: Sergey Beryozkin <sb...@gmail.com>
Committed: Mon Nov 16 13:43:05 2015 +0000
----------------------------------------------------------------------
.../security/oauth2/services/RedirectionBasedGrantService.java | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cxf/blob/d2ed88cc/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/RedirectionBasedGrantService.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/RedirectionBasedGrantService.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/RedirectionBasedGrantService.java
index 667de92..8435cdf 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/RedirectionBasedGrantService.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/RedirectionBasedGrantService.java
@@ -363,8 +363,8 @@ public abstract class RedirectionBasedGrantService extends AbstractOAuthService
List<String> uris = client.getRedirectUris();
if (redirectUri != null) {
- if (!uris.contains(redirectUri)) {
- redirectUri = null;
+ if (!uris.isEmpty() && !uris.contains(redirectUri)) {
+ reportInvalidRequestError("Client Redirect Uri is invalid");
}
} else if (uris.size() == 1 && useRegisteredRedirectUriIfPossible) {
redirectUri = uris.get(0);
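Review bot: The `!uris.isEmpty()` guard in the new condition means a client with no registered redirect URIs accepts whatever `redirect_uri` the request carries, so the authorization response can go to an address the client never registered. RFC 6749 section 3.1.2.2 requires registration for public clients and for confidential clients using the implicit grant, so the empty-list case should be rejected at least for public clients, for example `if (uris.isEmpty() ? !client.isConfidential() : !uris.contains(redirectUri)) {`. If accepting an unregistered URI is intended for some clients, record that next to the check, e.g. `// no registered URIs: the request value is accepted unverified`. The enclosing method starts and ends outside the hunk, so a later check may already cover this case; that cannot be confirmed from the lines shown.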