Prosoft Git

keycloak-uncached

Merge pull request #2326 from stianst/KEYCLOAK-2592 Keycloak

3/7/2016 2:12:17 AM
Stian Thorgersen

Stian Thorgersen

Commit: 4f04756

Tree: bf7697b

Parents: b709ca9
57b6ddb

Changes

adapters/oidc/adapter-core/src/main/java/org/keycloak/adapters/OAuthRequestAuthenticator.java 2(+1 -1)

core/src/main/java/org/keycloak/AbstractOAuthClient.java 8(+8 -0)

services/src/main/java/org/keycloak/services/resources/AbstractSecuredLocalService.java 5(+3 -2)

Details

adapters/oidc/adapter-core/src/main/java/org/keycloak/adapters/OAuthRequestAuthenticator.java 2(+1 -1) 

diff --git a/adapters/oidc/adapter-core/src/main/java/org/keycloak/adapters/OAuthRequestAuthenticator.java b/adapters/oidc/adapter-core/src/main/java/org/keycloak/adapters/OAuthRequestAuthenticator.java
index 0683075..cf51bdf 100755
--- a/adapters/oidc/adapter-core/src/main/java/org/keycloak/adapters/OAuthRequestAuthenticator.java
+++ b/adapters/oidc/adapter-core/src/main/java/org/keycloak/adapters/OAuthRequestAuthenticator.java
@@ -206,7 +206,7 @@ public class OAuthRequestAuthenticator {
                 tokenStore.saveRequest();
                 log.debug("Sending redirect to login page: " + redirect);
                 exchange.getResponse().setStatus(302);
-                exchange.getResponse().setCookie(deployment.getStateCookieName(), state, /* need to set path? */ null, null, -1, deployment.getSslRequired().isRequired(facade.getRequest().getRemoteAddr()), false);
+                exchange.getResponse().setCookie(deployment.getStateCookieName(), state, /* need to set path? */ null, null, -1, deployment.getSslRequired().isRequired(facade.getRequest().getRemoteAddr()), true);
                 exchange.getResponse().setHeader("Location", redirect);
                 return true;
             }

core/src/main/java/org/keycloak/AbstractOAuthClient.java 8(+8 -0) 

diff --git a/core/src/main/java/org/keycloak/AbstractOAuthClient.java b/core/src/main/java/org/keycloak/AbstractOAuthClient.java
old mode 100755
new mode 100644
index bf75b57..5eeb399
--- a/core/src/main/java/org/keycloak/AbstractOAuthClient.java
+++ b/core/src/main/java/org/keycloak/AbstractOAuthClient.java
@@ -110,6 +110,14 @@ public class AbstractOAuthClient {
         this.publicClient = publicClient;
     }
 
+    public boolean isSecure() {
+        return isSecure;
+    }
+
+    public void setSecure(boolean secure) {
+        isSecure = secure;
+    }
+
     public RelativeUrlsUsed getRelativeUrlsUsed() {
         return relativeUrlsUsed;
     }

services/src/main/java/org/keycloak/services/resources/AbstractSecuredLocalService.java 5(+3 -2) 

diff --git a/services/src/main/java/org/keycloak/services/resources/AbstractSecuredLocalService.java b/services/src/main/java/org/keycloak/services/resources/AbstractSecuredLocalService.java
index 45df982..547424c 100755
--- a/services/src/main/java/org/keycloak/services/resources/AbstractSecuredLocalService.java
+++ b/services/src/main/java/org/keycloak/services/resources/AbstractSecuredLocalService.java
@@ -177,6 +177,8 @@ public abstract class AbstractSecuredLocalService {
 
         oauth.setClientId(client.getClientId());
 
+        oauth.setSecure(realm.getSslRequired().isRequired(clientConnection));
+
         UriBuilder uriBuilder = UriBuilder.fromUri(getBaseRedirectUri()).path("login-redirect");
 
         if (path != null) {
@@ -247,8 +249,7 @@ public abstract class AbstractSecuredLocalService {
 
             URI url = uriBuilder.build();
 
-            // todo httpOnly!
-            NewCookie cookie = new NewCookie(getStateCookieName(), state, getStateCookiePath(uriInfo), null, null, -1, isSecure);
+            NewCookie cookie = new NewCookie(getStateCookieName(), state, getStateCookiePath(uriInfo), null, null, -1, isSecure, true);
             logger.debug("NewCookie: " + cookie.toString());
             logger.debug("Oauth Redirect to: " + url);
             return Response.status(302)

Bonobo Git Server (6.3.0.632) © 2015 Jakub Chodounský · Official Page · Github