|
|
@ -19,6 +19,7 @@ |
|
|
|
*/ |
|
|
|
*/ |
|
|
|
package org.mitre.oauth2.service.impl; |
|
|
|
package org.mitre.oauth2.service.impl; |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
import org.mitre.openid.connect.config.ConfigurationPropertiesBean; |
|
|
|
import org.mitre.openid.connect.service.BlacklistedSiteService; |
|
|
|
import org.mitre.openid.connect.service.BlacklistedSiteService; |
|
|
|
import org.springframework.beans.factory.annotation.Autowired; |
|
|
|
import org.springframework.beans.factory.annotation.Autowired; |
|
|
|
import org.springframework.security.oauth2.common.exceptions.InvalidRequestException; |
|
|
|
import org.springframework.security.oauth2.common.exceptions.InvalidRequestException; |
|
|
@ -43,6 +44,9 @@ public class BlacklistAwareRedirectResolver extends DefaultRedirectResolver { |
|
|
|
@Autowired |
|
|
|
@Autowired |
|
|
|
private BlacklistedSiteService blacklistService; |
|
|
|
private BlacklistedSiteService blacklistService; |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
@Autowired |
|
|
|
|
|
|
|
private ConfigurationPropertiesBean config; |
|
|
|
|
|
|
|
|
|
|
|
private boolean strictMatch = false; |
|
|
|
private boolean strictMatch = false; |
|
|
|
|
|
|
|
|
|
|
|
/* (non-Javadoc) |
|
|
|
/* (non-Javadoc) |
|
|
@ -80,8 +84,13 @@ public class BlacklistAwareRedirectResolver extends DefaultRedirectResolver { |
|
|
|
* @return the strictMatch |
|
|
|
* @return the strictMatch |
|
|
|
*/ |
|
|
|
*/ |
|
|
|
public boolean isStrictMatch() { |
|
|
|
public boolean isStrictMatch() { |
|
|
|
|
|
|
|
if (config.isHeartMode()) { |
|
|
|
|
|
|
|
// HEART mode enforces strict matching
|
|
|
|
|
|
|
|
return true; |
|
|
|
|
|
|
|
} else { |
|
|
|
return strictMatch; |
|
|
|
return strictMatch; |
|
|
|
} |
|
|
|
} |
|
|
|
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
/** |
|
|
|
/** |
|
|
|
* Set this to true to require exact string matches for all redirect URIs. (Default is false) |
|
|
|
* Set this to true to require exact string matches for all redirect URIs. (Default is false) |
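Review bot: The HEART override in `isStrictMatch()` is applied only through the getter, while the `strictMatch` field keeps its old meaning, so any code in this class that reads the field directly would still accept non-exact redirect URIs in HEART mode. The redirect-matching method is outside the visible hunks, so please confirm it calls `isStrictMatch()` and not `strictMatch`. The getter also dereferences the field-injected `config` with no check, so a resolver constructed outside the Spring context (for example in a unit test) will throw a NullPointerException here. Rather than a null guard that silently falls back to non-strict matching, I would inject `config` explicitly in such callers. The Javadoc no longer matches the behaviour: I would change `@return the strictMatch` to `@return true when HEART mode is enabled, otherwise the configured strictMatch value`, and note on the setter, whose Javadoc starts at the end of this hunk and whose body is outside it, that the value is ignored in HEART mode.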
|
|
|