always perform strict redirect URI matches in HEART mode

pull/1046/head
Justin Richer 9 years ago
parent fa4ed7ea06
commit 5bccb602d8

@ -19,6 +19,7 @@
*/ */
package org.mitre.oauth2.service.impl; package org.mitre.oauth2.service.impl;
import org.mitre.openid.connect.config.ConfigurationPropertiesBean;
import org.mitre.openid.connect.service.BlacklistedSiteService; import org.mitre.openid.connect.service.BlacklistedSiteService;
import org.springframework.beans.factory.annotation.Autowired; import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.oauth2.common.exceptions.InvalidRequestException; import org.springframework.security.oauth2.common.exceptions.InvalidRequestException;
@ -43,6 +44,9 @@ public class BlacklistAwareRedirectResolver extends DefaultRedirectResolver {
@Autowired @Autowired
private BlacklistedSiteService blacklistService; private BlacklistedSiteService blacklistService;
@Autowired
private ConfigurationPropertiesBean config;
private boolean strictMatch = false; private boolean strictMatch = false;
/* (non-Javadoc) /* (non-Javadoc)
@ -80,8 +84,13 @@ public class BlacklistAwareRedirectResolver extends DefaultRedirectResolver {
* @return the strictMatch * @return the strictMatch
*/ */
public boolean isStrictMatch() { public boolean isStrictMatch() {
if (config.isHeartMode()) {
// HEART mode enforces strict matching
return true;
} else {
return strictMatch; return strictMatch;
} }
}
/** /**
* Set this to true to require exact string matches for all redirect URIs. (Default is false) * Set this to true to require exact string matches for all redirect URIs. (Default is false)
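Review bot: The HEART override is applied only inside `isStrictMatch()`, so it enforces exact redirect URI matching only if every comparison calls the getter rather than reading the `strictMatch` field directly. The matching method is outside this hunk, so that should be confirmed and pinned with a test that a non-identical redirect URI is rejected when `config.isHeartMode()` is true. The Javadoc is now stale: `@return the strictMatch` should become something like `@return true if HEART mode is enabled or strict matching has been configured`, and the setter comment should say that `setStrictMatch(false)` has no effect in HEART mode. Because `config` is field-injected, a resolver constructed outside the Spring context would dereference a null `config` here; that presumably does not happen in deployment, but it affects unit tests that instantiate the class directly.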
