/**
 * Picks the redirect URI to use for a request by checking the client-supplied value
 * against each registered URI of the client.
 *
 * <p>On a match the value returned is the requested URI itself (the caller-supplied
 * string), not the registered entry it was matched against.
 *
 * @param redirectUris      the registered redirect URIs; must be non-null and non-empty
 * @param requestedRedirect the redirect_uri sent with the request, or {@code null} when none was sent
 * @return the requested URI when it matches a registered entry, or the single registered URI
 *         when exactly one is registered and nothing was requested
 * @throws RedirectMismatchException when no registered URI matches the request
 */
private String obtainMatchingRedirect(Set<String> redirectUris, String requestedRedirect) {
    Assert.notEmpty(redirectUris, "Redirect URIs cannot be empty");

    // With nothing requested, fall back to the registration only when it is unambiguous.
    boolean nothingRequested = requestedRedirect == null;
    if (nothingRequested && redirectUris.size() == 1) {
        return redirectUris.iterator().next();
    }

    if (!nothingRequested) {
        for (String registered : redirectUris) {
            if (redirectMatches(requestedRedirect, registered)) {
                return requestedRedirect;
            }
        }
    }

    throw new RedirectMismatchException("Invalid redirect: " + requestedRedirect
            + " does not match one of the registered values.");
}
}
/**
 * Resolves the redirect URI for a client after first checking that the client's
 * registration is usable at all.
 *
 * @param requestedRedirect the redirect_uri sent with the request; may be {@code null}
 * @param client            the client whose registered redirect URIs are consulted
 * @return the redirect URI chosen by the base resolver
 * @throws RedirectMismatchException when the client has no registered redirect_uri, or when any
 *                                   registered entry is rejected by
 *                                   {@code UaaUrlUtils.isValidRegisteredRedirectUrl}
 * @throws OAuth2Exception           propagated from the base resolver
 */
@Override
public String resolveRedirect(String requestedRedirect, ClientDetails client) throws OAuth2Exception {
    // A client with no registered redirect_uri cannot be redirected safely: fail closed.
    Set<String> registered = client.getRegisteredRedirectUri();
    if (registered == null || registered.isEmpty()) {
        throw new RedirectMismatchException("Client registration is missing redirect_uri");
    }

    // Every registered entry is validated before any matching happens; a single
    // rejected entry fails the whole registration rather than being skipped.
    List<String> rejected = registered.stream()
            .filter(candidate -> !UaaUrlUtils.isValidRegisteredRedirectUrl(candidate))
            .collect(Collectors.toList());
    if (!rejected.isEmpty()) {
        throw new RedirectMismatchException("Client registration contains invalid redirect_uri: " + rejected);
    }

    // Matching the request against the registered set is left to the base resolver.
    return super.resolveRedirect(requestedRedirect, client);
}
}
ex = new RedirectMismatchException(errorMessage); ex = new RedirectMismatchException(errorMessage);
return new RedirectMismatchException(errorMessage);
ex = new RedirectMismatchException(errorMessage); ex = new RedirectMismatchException(errorMessage);
throw new RedirectMismatchException("Redirect URI mismatch.");
throw new RedirectMismatchException("Unable to find redirect URI and none passed in."); throw new RedirectMismatchException("Claims redirect did not match the registered values.");
String resolvedRedirect = redirectResolver.resolveRedirect(redirectUriParameter, client); if (!StringUtils.hasText(resolvedRedirect)) { throw new RedirectMismatchException( "A redirectUri must be either supplied or preconfigured in the ClientDetails");
/**
 * Builds the endpoint under test with mocked collaborators and a minimal authorize request.
 *
 * <p>The redirect resolver is stubbed to accept the registered URL and to reject
 * {@code HTTP_SOME_OTHER_SITE_CALLBACK} with a {@link RedirectMismatchException}.
 */
@Before
public void setup() {
    // Registered client with a single allowed redirect URL.
    client = new BaseClientDetails("id", "", "openid", GRANT_TYPE_AUTHORIZATION_CODE, "", redirectUrl);

    clientDetailsService = mock(ClientServicesExtension.class);
    redirectResolver = mock(RedirectResolver.class);
    calculator = mock(OpenIdSessionStateCalculator.class);

    // Wire the endpoint first; stubbing below does not depend on the wiring.
    uaaAuthorizationEndpoint = new UaaAuthorizationEndpoint();
    uaaAuthorizationEndpoint.setOpenIdSessionStateCalculator(calculator);
    uaaAuthorizationEndpoint.setRedirectResolver(redirectResolver);
    uaaAuthorizationEndpoint.setClientDetailsService(clientDetailsService);

    // Minimal authorize request carrying only client_id and response_type.
    request = new MockHttpServletRequest("GET", "/oauth/authorize");
    request.setParameter(OAuth2Utils.CLIENT_ID, client.getClientId());
    request.setParameter(OAuth2Utils.RESPONSE_TYPE, responseType);
    response = new MockHttpServletResponse();

    // Client lookup is zone-scoped, so stub it for the zone currently held.
    String currentZoneId = IdentityZoneHolder.get().getId();
    when(clientDetailsService.loadClientByClientId(eq(client.getClientId()), eq(currentZoneId)))
            .thenReturn(client);

    // The registered URL resolves; the foreign callback is rejected by the resolver.
    when(redirectResolver.resolveRedirect(eq(redirectUrl), same(client)))
            .thenReturn(redirectUrl);
    when(redirectResolver.resolveRedirect(eq(HTTP_SOME_OTHER_SITE_CALLBACK), same(client)))
            .thenThrow(new RedirectMismatchException(""));

    when(calculator.calculate(anyString(), anyString(), anyString()))
            .thenReturn("sessionstate.salt");
}
resolvedRedirect = redirectResolver.resolveRedirect(redirectUriParameter, client); } catch (RedirectMismatchException rme) { throw new RedirectMismatchException( "Invalid redirect " + redirectUriParameter + " did not match one of the registered values"); throw new RedirectMismatchException( "A redirectUri must be either supplied or preconfigured in the ClientDetails");
/**
 * Picks the redirect URI to use for a request by checking the client-supplied value
 * against each registered URI of the client.
 *
 * <p>On a match the value returned is the requested URI itself (the caller-supplied
 * string), not the registered entry it was matched against.
 *
 * @param redirectUris      the registered redirect URIs; must be non-null and non-empty
 * @param requestedRedirect the redirect_uri sent with the request, or {@code null} when none was sent
 * @return the requested URI when it matches a registered entry, or the single registered URI
 *         when exactly one is registered and nothing was requested
 * @throws RedirectMismatchException when no registered URI matches the request
 */
private String obtainMatchingRedirect(Set<String> redirectUris, String requestedRedirect) {
    Assert.notEmpty(redirectUris, "Redirect URIs cannot be empty");

    // With nothing requested, fall back to the registration only when it is unambiguous.
    boolean nothingRequested = requestedRedirect == null;
    if (nothingRequested && redirectUris.size() == 1) {
        return redirectUris.iterator().next();
    }

    if (!nothingRequested) {
        for (String registered : redirectUris) {
            if (redirectMatches(requestedRedirect, registered)) {
                return requestedRedirect;
            }
        }
    }

    throw new RedirectMismatchException("Invalid redirect: " + requestedRedirect
            + " does not match one of the registered values.");
}
}
/**
 * Rejects an approval whose redirect URI does not line up with the redirect_uri that
 * was supplied on the original authorization request.
 *
 * @param redirectUri                 the redirect URI submitted with the approval; may be {@code null}
 * @param pendingAuthorizationRequest the stored authorization request being approved
 * @throws RedirectMismatchException when the original request carried a redirect_uri parameter but the
 *                                   approval carries none, or the stored redirect URI does not start
 *                                   with the approval value
 */
private void validateRedirectUri(String redirectUri, AuthorizationRequest pendingAuthorizationRequest) {
    // https://jira.springsource.org/browse/SECOAUTH-333
    // Null when the original authorization was made without a redirect_uri parameter.
    String originalParameter =
            pendingAuthorizationRequest.getAuthorizationParameters().get(AuthorizationRequest.REDIRECT_URI);
    if (originalParameter == null) {
        // Nothing was pinned on the original request, so there is nothing to compare against.
        return;
    }

    String storedRedirect = pendingAuthorizationRequest.getRedirectUri();
    // NOTE(review): this is a prefix comparison, not equality — a stored URI that merely
    // begins with the approval value passes. Confirm that is the intended strictness.
    boolean consistent = redirectUri != null && storedRedirect.startsWith(redirectUri);
    if (!consistent) {
        throw new RedirectMismatchException("Redirect URI mismatch.");
    }
}
ex = new RedirectMismatchException(errorMessage); ex = new RedirectMismatchException(errorMessage);
return new RedirectMismatchException(errorMessage);
ex = new RedirectMismatchException(errorMessage); ex = new RedirectMismatchException(errorMessage);
throw new RedirectMismatchException("Unable to find redirect URI and none passed in."); throw new RedirectMismatchException("Claims redirect did not match the registered values.");
throw new RedirectMismatchException("Redirect URI mismatch.");
throw new RedirectMismatchException("Redirect URI mismatch.");
throw new RedirectMismatchException("Redirect URI mismatch.");
String resolvedRedirect = redirectResolver.resolveRedirect(redirectUriParameter, client); if (!StringUtils.hasText(resolvedRedirect)) { throw new RedirectMismatchException( "A redirectUri must be either supplied or preconfigured in the ClientDetails");