FISH-8055 Validate Request URL with Proxy host & port
jGauravGupta committed Feb 2, 2024
1 parent c981dab commit 7bbd16f
Showing 2 changed files with 35 additions and 9 deletions.
Expand Up @@ -294,6 +294,29 @@ private AuthenticationStatus authenticate(
if (receivedState.isPresent() && request.getParameter(CODE) != null) {
// this is OAuth callback
String redirectURI = configuration.buildRedirectURI(request);
if (!request.getRequestURL().toString().equals(redirectURI)) {
if (configuration.getProxyConfiguration() != null && !configuration.getProxyConfiguration().getHostName().isEmpty()) {
// Check if request URL matches proxy host name and port
String proxyHost = configuration.getProxyConfiguration().getHostName();
String proxyPort = configuration.getProxyConfiguration().getPort();

String requestURLWithProxy;
if (!proxyPort.isEmpty()) {
requestURLWithProxy = String.format("%s://%s:%s", request.getScheme(), proxyHost, proxyPort) + request.getRequestURI();
} else {
requestURLWithProxy = String.format("%s://%s", request.getScheme(), proxyHost) + request.getRequestURI();
}
if (!requestURLWithProxy.equals(request.getRequestURL().toString())) {
LOGGER.log(INFO, "OpenID Redirect URL {0} does not match with the request URL {1} through proxy {2}:{3}",
new Object[]{redirectURI, requestURLWithProxy, proxyHost, proxyPort});
return httpContext.notifyContainerAboutLogin(NOT_VALIDATED_RESULT);
}
} else {
LOGGER.log(INFO, "OpenID Redirect URL {0} does not match with the request URL {1}",
new Object[]{redirectURI, request.getRequestURL().toString()});
return httpContext.notifyContainerAboutLogin(NOT_VALIDATED_RESULT);
}
}
if (!request.getRequestURL().toString().equals(redirectURI)) {
LOGGER.log(INFO, "OpenID Redirect URL {0} not matched with request URL {1}", new Object[]{redirectURI,
request.getRequestURL().toString()});
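Review bot: The proxy branch never compares anything with `redirectURI`: it checks `requestURLWithProxy` against `request.getRequestURL()`, so it passes only when the container already reports the proxy host and port, and control then falls through to the unchanged `if (!request.getRequestURL().toString().equals(redirectURI))` below, whose condition is the same one that opened this block. As far as the hunk shows, a callback whose URL differs from the redirect URI is therefore still treated as a mismatch; that later check's body ends outside the hunk, so this is inferred. If the intent is to accept callbacks that arrive through the configured proxy, compare the synthesised URL with the redirect URI, `if (!requestURLWithProxy.equals(redirectURI)) {`, and have the later check skip that case. The first log call also passes `requestURLWithProxy` for the placeholder worded as the request URL, so the value the container actually saw is missing when a failed login is triaged.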
Expand Up @@ -96,17 +96,20 @@ public OpenIdConfiguration setClientSecret(char[] clientSecret) {
public String buildRedirectURI(HttpServletRequest request) {
String uri = redirectURI;
if (redirectURI.contains(BASE_URL_EXPRESSION)) {
String baseURL = request.getRequestURL().substring(0, request.getRequestURL().length() - request.getRequestURI().length())
+ request.getContextPath();
String baseURL;
if (proxyConfiguration != null
&& !proxyConfiguration.getHostName().isEmpty()) {
baseURL = request.getScheme() + "://" + proxyConfiguration.getHostName();
if (!proxyConfiguration.getPort().isEmpty()) {
baseURL = baseURL + ":" + proxyConfiguration.getPort();
}
baseURL = baseURL + request.getContextPath();
} else {
baseURL = request.getRequestURL().substring(0, request.getRequestURL().length() - request.getRequestURI().length())
+ request.getContextPath();
}
uri = redirectURI.replace(BASE_URL_EXPRESSION, baseURL);
}

if (proxyConfiguration != null
&& !proxyConfiguration.getHostName().isEmpty()
&& !proxyConfiguration.getPort().isEmpty()) {
uri = uri.replace(request.getServerName(), proxyConfiguration.getHostName());
uri = uri.replace(String.valueOf(request.getServerPort()), proxyConfiguration.getPort());
}
return uri;
}
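Review bot: `request.getScheme()` in the proxy branch is the scheme the container saw, which behind a TLS-terminating proxy is presumably `http` unless forwarded-header handling is configured, so the generated redirect URI could carry a scheme that differs from the one registered with the identity provider. A comment on that line would make the assumption visible, for example `// scheme is the container's view of the request; confirm it matches the proxy's public scheme`. `getHostName()` and `getPort()` are dereferenced with `.isEmpty()` without a null guard; if either can be null when the proxy settings are only partly filled in, this throws instead of falling back to the request-derived base URL. The proxy host and port are also no longer applied when the configured redirect URI does not contain `BASE_URL_EXPRESSION`, which the removed `replace` calls did, so the method's Javadoc should say so if that is intended.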
