Repository: cxf Updated Branches: refs/heads/master d2be1f3b0 -> f5e753380
Optional inclusion of the request URI during the redirect in OidcRpAuthenticationFilter Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/f5e75338 Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/f5e75338 Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/f5e75338 Branch: refs/heads/master Commit: f5e7533806e908bd79227b29b34cc8f15c0977e3 Parents: d2be1f3 Author: Sergey Beryozkin <[email protected]> Authored: Tue Jul 26 17:07:58 2016 +0300 Committer: Sergey Beryozkin <[email protected]> Committed: Tue Jul 26 17:07:58 2016 +0300 ---------------------------------------------------------------------- .../oidc/rp/OidcRpAuthenticationFilter.java | 18 +++++++++++++----- .../oidc/rp/OidcRpAuthenticationService.java | 3 ++- 2 files changed, 15 insertions(+), 6 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/cxf/blob/f5e75338/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/OidcRpAuthenticationFilter.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/OidcRpAuthenticationFilter.java b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/OidcRpAuthenticationFilter.java index 4ef706f..569b798 100644 --- a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/OidcRpAuthenticationFilter.java +++ b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/OidcRpAuthenticationFilter.java @@ -54,21 +54,25 @@ public class OidcRpAuthenticationFilter implements ContainerRequestFilter { private ClientTokenContextManager stateManager; private String redirectUri; private String roleClaim; + private boolean addRequestUriAsRedirectQuery; public void filter(ContainerRequestContext rc) { if (checkSecurityContext(rc)) { return; } else if (redirectUri != null) { - URI redirectAddress = null; + UriBuilder redirectBuilder = null; if (redirectUri.startsWith("/")) { String basePath = (String)mc.get("http.base.path"); - redirectAddress = UriBuilder.fromUri(basePath).path(redirectUri).build(); + redirectBuilder = UriBuilder.fromUri(basePath).path(redirectUri); } else if (redirectUri.startsWith("http")) { - redirectAddress = URI.create(redirectUri); + redirectBuilder = UriBuilder.fromUri(URI.create(redirectUri)); } else { - UriBuilder ub = rc.getUriInfo().getBaseUriBuilder().path(redirectUri); - redirectAddress = ub.build(); + redirectBuilder = rc.getUriInfo().getBaseUriBuilder().path(redirectUri); } + if (addRequestUriAsRedirectQuery) { + redirectBuilder.queryParam("state", rc.getUriInfo().getRequestUri().toString()); + } + URI redirectAddress = redirectBuilder.build(); rc.abortWith(Response.seeOther(redirectAddress) .header(HttpHeaders.CACHE_CONTROL, "no-cache, no-store") .header("Pragma", "no-cache") @@ -124,4 +128,8 @@ public class OidcRpAuthenticationFilter implements ContainerRequestFilter { public void setRoleClaim(String roleClaim) { this.roleClaim = roleClaim; } + + public void setAddRequestUriAsRedirectQuery(boolean addRequestUriAsRedirectQuery) { + this.addRequestUriAsRedirectQuery = addRequestUriAsRedirectQuery; + } } http://git-wip-us.apache.org/repos/asf/cxf/blob/f5e75338/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/OidcRpAuthenticationService.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/OidcRpAuthenticationService.java b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/OidcRpAuthenticationService.java index 39c7b7b..e417035 100644 --- a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/OidcRpAuthenticationService.java +++ b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/OidcRpAuthenticationService.java @@ -30,6 +30,7 @@ import javax.ws.rs.core.MultivaluedMap; import javax.ws.rs.core.Response; import javax.ws.rs.core.UriBuilder; +import org.apache.cxf.common.util.UrlUtils; import org.apache.cxf.jaxrs.ext.MessageContext; import org.apache.cxf.rs.security.oauth2.client.ClientTokenContextManager; @@ -61,7 +62,7 @@ public class OidcRpAuthenticationService { String basePath = (String)mc.get("http.base.path"); redirectUri = UriBuilder.fromUri(basePath).path(defaultLocation).build(); } else if (location != null) { - redirectUri = URI.create(location); + redirectUri = URI.create(UrlUtils.urlDecode(location)); } if (redirectUri != null) { return Response.seeOther(redirectUri).build();
