|
|
@ -19,6 +19,7 @@
|
|
|
|
*/
|
|
|
|
*/
|
|
|
|
package org.mitre.oauth2.service.impl;
|
|
|
|
package org.mitre.oauth2.service.impl;
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
import org.mitre.openid.connect.config.ConfigurationPropertiesBean;
|
|
|
|
import org.mitre.openid.connect.service.BlacklistedSiteService;
|
|
|
|
import org.mitre.openid.connect.service.BlacklistedSiteService;
|
|
|
|
import org.springframework.beans.factory.annotation.Autowired;
|
|
|
|
import org.springframework.beans.factory.annotation.Autowired;
|
|
|
|
import org.springframework.security.oauth2.common.exceptions.InvalidRequestException;
|
|
|
|
import org.springframework.security.oauth2.common.exceptions.InvalidRequestException;
|
|
|
@ -43,6 +44,9 @@ public class BlacklistAwareRedirectResolver extends DefaultRedirectResolver {
|
|
|
|
@Autowired
|
|
|
|
@Autowired
|
|
|
|
private BlacklistedSiteService blacklistService;
|
|
|
|
private BlacklistedSiteService blacklistService;
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
@Autowired
|
|
|
|
|
|
|
|
private ConfigurationPropertiesBean config;
|
|
|
|
|
|
|
|
|
|
|
|
private boolean strictMatch = false;
|
|
|
|
private boolean strictMatch = false;
|
|
|
|
|
|
|
|
|
|
|
|
/* (non-Javadoc)
|
|
|
|
/* (non-Javadoc)
|
|
|
@ -80,8 +84,13 @@ public class BlacklistAwareRedirectResolver extends DefaultRedirectResolver {
|
|
|
|
* @return the strictMatch
|
|
|
|
* @return the strictMatch
|
|
|
|
*/
|
|
|
|
*/
|
|
|
|
public boolean isStrictMatch() {
|
|
|
|
public boolean isStrictMatch() {
|
|
|
|
|
|
|
|
if (config.isHeartMode()) {
|
|
|
|
|
|
|
|
// HEART mode enforces strict matching
|
|
|
|
|
|
|
|
return true;
|
|
|
|
|
|
|
|
} else {
|
|
|
|
return strictMatch;
|
|
|
|
return strictMatch;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
/**
|
|
|
|
* Set this to true to require exact string matches for all redirect URIs. (Default is false)
|
|
|
|
* Set this to true to require exact string matches for all redirect URIs. (Default is false)
|
|
|
|
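Review bot: In `isStrictMatch()`, the HEART override only protects code paths that call the getter; the `strictMatch` field still defaults to `false`, so any redirect comparison in this class that reads the field directly would keep accepting non-exact redirect URIs in HEART mode. The method that performs the comparison lies outside the visible hunks, so please confirm it goes through `isStrictMatch()`. The Javadoc is now stale: `@return the strictMatch` should become `@return true when HEART mode is enabled, otherwise the configured strictMatch value`, and the setter comment should state that the setting is ignored in HEART mode. `config` is field-injected and dereferenced without a check, so a resolver constructed outside the Spring context would throw a NullPointerException here; a unit test covering both modes would catch that and pin the enforcement.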