created blacklist aware redirect resolver and wired it in, closes #549

pull/618/head
Justin Richer 2014-06-10 16:29:45 -04:00
parent d0e40d7cbd
commit a106121af3
2 changed files with 41 additions and 0 deletions


@ -36,6 +36,7 @@
token-services-ref="defaultOAuth2ProviderTokenService"
user-approval-handler-ref="tofuUserApprovalHandler"
request-validator-ref="oauthRequestValidator"
redirect-resolver-ref="blacklistAwareRedirectResolver"
authorization-endpoint-url="/authorize"
token-endpoint-url="/token">


@ -0,0 +1,40 @@
/**
*
*/
package org.mitre.oauth2.service.impl;
import org.mitre.openid.connect.service.BlacklistedSiteService;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.oauth2.common.exceptions.InvalidRequestException;
import org.springframework.security.oauth2.common.exceptions.OAuth2Exception;
import org.springframework.security.oauth2.provider.ClientDetails;
import org.springframework.security.oauth2.provider.endpoint.DefaultRedirectResolver;
import org.springframework.security.oauth2.provider.endpoint.RedirectResolver;
import org.springframework.stereotype.Component;
/**
* @author jricher
*
*/
@Component("blacklistAwareRedirectResolver")
public class BlacklistAwareRedirectResolver extends DefaultRedirectResolver {
@Autowired
private BlacklistedSiteService blacklistService;
/* (non-Javadoc)
* @see org.springframework.security.oauth2.provider.endpoint.RedirectResolver#resolveRedirect(java.lang.String, org.springframework.security.oauth2.provider.ClientDetails)
*/
@Override
public String resolveRedirect(String requestedRedirect, ClientDetails client) throws OAuth2Exception {
String redirect = super.resolveRedirect(requestedRedirect, client);
if (blacklistService.isBlacklisted(redirect)) {
// don't let it go through
throw new InvalidRequestException("The supplied redirect_uri is not allowed on this server.");
} else {
// not blacklisted, passed the parent test, we're fine
return redirect;
}
}
}
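Review bot: In `resolveRedirect`, the full resolved URI string is passed to `blacklistService.isBlacklisted(redirect)`, and nothing in this file says how that match is performed; `BlacklistedSiteService` is outside this diff. If the service compares whole strings rather than a normalized host or prefix, a blacklisted site supplied with a different path, query, letter case or trailing slash would presumably pass, which matters most where the parent resolver returns the requested value unchanged. The class Javadoc holds only `@author` and the leading `/** * */` block is empty; I would state the contract there, e.g. `Rejects any redirect URI that DefaultRedirectResolver accepts but BlacklistedSiteService reports as blacklisted`, including what form of the URI is compared. A unit test that feeds near-miss variants of a blacklisted URI through this resolver would pin the behaviour. The `else` after the `throw` is redundant and can be dropped so the method ends with a plain `return redirect;`.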