Create flag to force HTTPS of value of issuer on server startup, addresses #528
parent
b617fe0c4b
commit
56e21d3c6c
|
@ -43,6 +43,8 @@ public class ConfigurationPropertiesBean {
|
|||
private String logoImageUrl;
|
||||
|
||||
private Long regTokenLifeTime;
|
||||
|
||||
private boolean forceHttps;
|
||||
|
||||
public ConfigurationPropertiesBean() {
|
||||
|
||||
|
@ -50,11 +52,18 @@ public class ConfigurationPropertiesBean {
|
|||
|
||||
/**
|
||||
* Endpoints protected by TLS must have https scheme in the URI.
|
||||
* @throws HttpsUrlRequiredException
|
||||
*/
|
||||
@PostConstruct
|
||||
public void checkForHttps() {
|
||||
public void checkForHttps() throws HttpsUrlRequiredException {
|
||||
if (!StringUtils.startsWithIgnoreCase(issuer, "https")) {
|
||||
logger.warn("Configured issuer url is not using https scheme.");
|
||||
if (this.forceHttps) {
|
||||
logger.warn("Configured issuer url is not using https scheme. This is not allowed!");
|
||||
throw new HttpsUrlRequiredException(issuer);
|
||||
}
|
||||
else {
|
||||
logger.warn("Configured issuer url is not using https scheme.");
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -113,4 +122,12 @@ public class ConfigurationPropertiesBean {
|
|||
public void setRegTokenLifeTime(Long regTokenLifeTime) {
|
||||
this.regTokenLifeTime = regTokenLifeTime;
|
||||
}
|
||||
|
||||
public boolean isForceHttps() {
|
||||
return forceHttps;
|
||||
}
|
||||
|
||||
public void setForceHttps(boolean forceHttps) {
|
||||
this.forceHttps = forceHttps;
|
||||
}
|
||||
}
|
||||
|
|
|
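Review bot: The guard in checkForHttps only tests for the prefix `https`, so constructed examples such as `httpsx://host` or a scheme-less `https.example.org` pass even when forceHttps is true. Now that this check can block startup, it should match the scheme itself, e.g. `if (!StringUtils.startsWithIgnoreCase(issuer, "https://")) {`, or compare the parsed URI scheme. The refusal branch logs at warn level right before throwing; `logger.error(...)` fits a fatal configuration error better. If `@PostConstruct` here is the JSR-250 annotation, its contract says the method must not throw a checked exception, so an unchecked HttpsUrlRequiredException would avoid relying on the container tolerating it. The new field defaults to false, so existing deployments stay warn-only unless they opt in, which the Javadoc on checkForHttps should state.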
@ -0,0 +1,27 @@
|
|||
package org.mitre.openid.connect.config;
|
||||
|
||||
public class HttpsUrlRequiredException extends Exception {
|
||||
|
||||
/**
|
||||
*
|
||||
*/
|
||||
private static final long serialVersionUID = 1318613592371145910L;
|
||||
private String error;
|
||||
/**
|
||||
* @param error
|
||||
*/
|
||||
public HttpsUrlRequiredException(String error) {
|
||||
this.setError(error);
|
||||
}
|
||||
public String getError() {
|
||||
return error;
|
||||
}
|
||||
public void setError(String error) {
|
||||
this.error = error;
|
||||
}
|
||||
@Override
|
||||
public String toString() {
|
||||
return "HttpsUrlRequiredException [error=" + this.error + "]";
|
||||
}
|
||||
|
||||
}
|
|
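Review bot: The constructor never passes a message to `super(...)`, so getMessage() returns null and any handler that logs the message rather than toString() loses the reason for the startup failure. Adding `super("Issuer URL must use the https scheme: " + error);` as its first statement fixes that. The `error` field actually carries the rejected issuer URL (that is what the throw site in checkForHttps passes), and both Javadoc blocks in this file are empty, so a one-line description of the field and the `@param` would help. The field could also be `final` with setError dropped, since an exception's payload should not change after construction, provided nothing outside this commit calls the setter.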
@ -20,15 +20,20 @@
|
|||
package org.mitre.openid.connect.config;
|
||||
|
||||
import static org.junit.Assert.assertEquals;
|
||||
import static org.junit.Assert.fail;
|
||||
|
||||
import org.junit.Rule;
|
||||
import org.junit.Test;
|
||||
import org.junit.rules.ExpectedException;
|
||||
|
||||
/**
|
||||
* @author jricher
|
||||
*
|
||||
*/
|
||||
public class ConfigurationPropertiesBeanTest {
|
||||
|
||||
|
||||
@Rule
|
||||
public ExpectedException expectedException = ExpectedException.none();
|
||||
/**
|
||||
* Test getters and setters for configuration object.
|
||||
*/
|
||||
|
@ -45,11 +50,68 @@ public class ConfigurationPropertiesBeanTest {
|
|||
bean.setIssuer(iss);
|
||||
bean.setTopbarTitle(title);
|
||||
bean.setLogoImageUrl(logoUrl);
|
||||
bean.setForceHttps(true);
|
||||
|
||||
assertEquals(iss, bean.getIssuer());
|
||||
assertEquals(title, bean.getTopbarTitle());
|
||||
assertEquals(logoUrl, bean.getLogoImageUrl());
|
||||
|
||||
assertEquals(true, bean.isForceHttps());
|
||||
}
|
||||
@Test
|
||||
public void testCheckForHttps() throws HttpsUrlRequiredException {
|
||||
ConfigurationPropertiesBean bean = new ConfigurationPropertiesBean();
|
||||
|
||||
// issuer is http
|
||||
// leave as default, which is unset/false
|
||||
try {
|
||||
bean.checkForHttps();
|
||||
}
|
||||
catch (HttpsUrlRequiredException e) {
|
||||
fail("Unexpected HttpsUrlRequiredException for http issuer with default forceHttps, message:" + e.getError());
|
||||
}
|
||||
|
||||
// set to false
|
||||
try {
|
||||
bean.setForceHttps(false);
|
||||
bean.checkForHttps();
|
||||
}
|
||||
catch (HttpsUrlRequiredException e) {
|
||||
fail("Unexpected HttpsUrlRequiredException for http issuer with forceHttps=false, message:" + e.getError());
|
||||
}
|
||||
|
||||
// set to true
|
||||
|
||||
bean.setForceHttps(true);
|
||||
this.expectedException.expect(HttpsUrlRequiredException.class);
|
||||
bean.checkForHttps();
|
||||
|
||||
// issuer is https
|
||||
// leave as default, which is unset/false
|
||||
try {
|
||||
bean.checkForHttps();
|
||||
}
|
||||
catch (HttpsUrlRequiredException e) {
|
||||
fail("Unexpected HttpsUrlRequiredException for https issuer with default forceHttps, message:" + e.getError());
|
||||
}
|
||||
|
||||
// set to false
|
||||
try {
|
||||
bean.setForceHttps(false);
|
||||
bean.checkForHttps();
|
||||
}
|
||||
catch (HttpsUrlRequiredException e) {
|
||||
fail("Unexpected HttpsUrlRequiredException for https issuer with forceHttps=false, message:" + e.getError());
|
||||
}
|
||||
|
||||
// set to true
|
||||
try {
|
||||
bean.setForceHttps(true);
|
||||
bean.checkForHttps();
|
||||
}
|
||||
catch (HttpsUrlRequiredException e) {
|
||||
fail("Unexpected HttpsUrlRequiredException for https issuer with forceHttps=true, message:" + e.getError());
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
}
|
||||
|
|
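Review bot: testCheckForHttps never calls setIssuer, so its "issuer is http" block runs against an unset issuer rather than an http one. Everything after the `bean.checkForHttps()` that follows `expectedException.expect(...)` is also unreachable, because that call throws and ends the test. The three "issuer is https" cases therefore never execute, including the one meant to prove that forceHttps=true accepts an https issuer. Splitting the method into one test per case with an explicit issuer fixes both problems; the issuer strings below are constructed sample values.

```java
// … unchanged: non-forced cases (default and forceHttps=false), each with an explicit setIssuer …

@Test
public void testCheckForHttpsRejectsHttpIssuerWhenForced() throws HttpsUrlRequiredException {
	ConfigurationPropertiesBean bean = new ConfigurationPropertiesBean();
	bean.setIssuer("http://idp.example.org/"); // constructed sample value
	bean.setForceHttps(true);

	this.expectedException.expect(HttpsUrlRequiredException.class);
	bean.checkForHttps();
}

@Test
public void testCheckForHttpsAcceptsHttpsIssuerWhenForced() throws HttpsUrlRequiredException {
	ConfigurationPropertiesBean bean = new ConfigurationPropertiesBean();
	bean.setIssuer("https://idp.example.org/"); // constructed sample value
	bean.setForceHttps(true);

	// must return normally; a thrown exception fails the test
	bean.checkForHttps();
}
```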