created blacklist aware redirect resolver and wired it in, closes #549
parent
d0e40d7cbd
commit
a106121af3
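--- a/<spring-config-xml-path-not-shown-on-page>
+++ b/<spring-config-xml-path-not-shown-on-page>
@@ -36,6 +36,7 @@
 token-services-ref="defaultOAuth2ProviderTokenService"
 user-approval-handler-ref="tofuUserApprovalHandler"
 request-validator-ref="oauthRequestValidator"
+redirect-resolver-ref="blacklistAwareRedirectResolver"
 authorization-endpoint-url="/authorize"
 token-endpoint-url="/token">
 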
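--- /dev/null
+++ b/<module-path-not-shown-on-page>/org/mitre/oauth2/service/impl/BlacklistAwareRedirectResolver.java
@@ -0,0 +1,40 @@
+/**
+*
+*/
+package org.mitre.oauth2.service.impl;
+
+import org.mitre.openid.connect.service.BlacklistedSiteService;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.security.oauth2.common.exceptions.InvalidRequestException;
+import org.springframework.security.oauth2.common.exceptions.OAuth2Exception;
+import org.springframework.security.oauth2.provider.ClientDetails;
+import org.springframework.security.oauth2.provider.endpoint.DefaultRedirectResolver;
+import org.springframework.security.oauth2.provider.endpoint.RedirectResolver;
+import org.springframework.stereotype.Component;
+
+/**
+* @author jricher
+*
+*/
+@Component("blacklistAwareRedirectResolver")
+public class BlacklistAwareRedirectResolver extends DefaultRedirectResolver {
+
+@Autowired
+private BlacklistedSiteService blacklistService;
+
+/* (non-Javadoc)
+* @see org.springframework.security.oauth2.provider.endpoint.RedirectResolver#resolveRedirect(java.lang.String, org.springframework.security.oauth2.provider.ClientDetails)
+*/
+@Override
+public String resolveRedirect(String requestedRedirect, ClientDetails client) throws OAuth2Exception {
+String redirect = super.resolveRedirect(requestedRedirect, client);
+if (blacklistService.isBlacklisted(redirect)) {
+// don't let it go through
+throw new InvalidRequestException("The supplied redirect_uri is not allowed on this server.");
+} else {
+// not blacklisted, passed the parent test, we're fine
+return redirect;
+}
+}
+
+}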
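Review bot: The new class has no documentation beyond the `@author` tag, and `resolveRedirect` carries only a `(non-Javadoc)` stub, so the security property the override adds is not stated anywhere in the file. I would replace the class comment with Javadoc along the lines of `A RedirectResolver that applies the standard DefaultRedirectResolver matching first and then rejects the resolved URI if BlacklistedSiteService reports it as blacklisted; because the check runs on the resolved value, a registered redirect URI that is later blacklisted is refused as well.` The method Javadoc should state that it throws `InvalidRequestException` with a fixed message that does not echo the rejected URI, which is worth keeping so caller-supplied input is not reflected into the error response. Whether `isBlacklisted` matches exact URIs or by host or prefix is not visible here, so the Javadoc should defer to that service's contract rather than restate it.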