diff --git a/integration/jaxrs-oauth-client/src/main/java/org/keycloak/jaxrs/JaxrsOAuthClient.java b/integration/jaxrs-oauth-client/src/main/java/org/keycloak/jaxrs/JaxrsOAuthClient.java
index 89ee9bc..a090da7 100755
--- a/integration/jaxrs-oauth-client/src/main/java/org/keycloak/jaxrs/JaxrsOAuthClient.java
+++ b/integration/jaxrs-oauth-client/src/main/java/org/keycloak/jaxrs/JaxrsOAuthClient.java
@@ -82,14 +82,7 @@ public class JaxrsOAuthClient extends AbstractOAuthClient {
}
}
public Response redirect(UriInfo uriInfo, String redirectUri) {
- return redirect(uriInfo, redirectUri, null);
- }
-
- public Response redirect(UriInfo uriInfo, String redirectUri, String path) {
String state = getStateCode();
- if (path != null) {
- state += "#" + path;
- }
UriBuilder uriBuilder = UriBuilder.fromUri(authUrl)
.queryParam("client_id", clientId)
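Review bot: Removing the public `redirect(UriInfo, String, String)` overload from a class in the integration module is a source-incompatible change for any caller outside this repository; the two in-tree callers are updated in this commit, but nothing tells other users that `path` must now travel on `redirectUri` itself. Either a `@Deprecated` overload that documents the new contract in its Javadoc, or a release-note entry, would soften that break. The remaining `redirect` body continues past the hunk.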
@@ -98,6 +91,7 @@ public class JaxrsOAuthClient extends AbstractOAuthClient {
if (scope != null) {
uriBuilder.queryParam("scope", scope);
}
+
URI url = uriBuilder.build();
NewCookie cookie = new NewCookie(getStateCookieName(), state, getStateCookiePath(uriInfo), null, null, -1, isSecure, true);
@@ -130,7 +124,7 @@ public class JaxrsOAuthClient extends AbstractOAuthClient {
return uriInfo.getQueryParameters().getFirst("code");
}
- public String checkStateCookie(UriInfo uriInfo, HttpHeaders headers) {
+ public void checkStateCookie(UriInfo uriInfo, HttpHeaders headers) {
Cookie stateCookie = headers.getCookies().get(stateCookieName);
if (stateCookie == null) throw new BadRequestException("state cookie not set");
String state = uriInfo.getQueryParameters().getFirst("state");
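Review bot: `checkStateCookie` now reports only through exceptions and nothing documents that contract, so a reader meeting the new `void` signature cannot tell whether the method is still a guard. A Javadoc on the method such as `/** Compares the {@code state} query parameter with the state cookie; throws {@link BadRequestException} if the cookie is missing or the values differ. */` would make that intent explicit. The comparison itself and the rest of the method are in the next hunk.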
@@ -138,10 +132,5 @@ public class JaxrsOAuthClient extends AbstractOAuthClient {
if (!state.equals(stateCookie.getValue())) {
throw new BadRequestException("state parameter invalid");
}
- if (state.indexOf('#') != -1) {
- return state.substring(state.indexOf('#') + 1);
- } else {
- return null;
- }
}
}
diff --git a/services/src/main/java/org/keycloak/services/resources/AccountService.java b/services/src/main/java/org/keycloak/services/resources/AccountService.java
index e63262a..7ceddc9 100755
--- a/services/src/main/java/org/keycloak/services/resources/AccountService.java
+++ b/services/src/main/java/org/keycloak/services/resources/AccountService.java
@@ -259,6 +259,8 @@ public class AccountService {
public Response loginRedirect(@QueryParam("code") String code,
@QueryParam("state") String state,
@QueryParam("error") String error,
+ @QueryParam("path") String path,
+ @QueryParam("referrer") String referrer,
@Context HttpHeaders headers) {
try {
if (error != null) {
@@ -282,7 +284,6 @@ public class AccountService {
logger.debug("state not specified");
throw new BadRequestException();
}
- String path = new JaxrsOAuthClient().checkStateCookie(uriInfo, headers);
JWSInput input = new JWSInput(code);
boolean verifiedCode = false;
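Review bot: The only call to `checkStateCookie` in `AccountService.loginRedirect` is deleted at `- String path = new JaxrsOAuthClient().checkStateCookie(uriInfo, headers);` and nothing replaces it, so the `state` query parameter is no longer compared with the state cookie on this callback — only the null check above it survives, while the parallel AdminService hunk keeps the call as a statement. Unless the check is re-added somewhere outside the hunk, the callback loses the binding between the authorization request and its response. Replace the removed line with `new JaxrsOAuthClient().checkStateCookie(uriInfo, headers);`, as AdminService does. `loginRedirect` continues outside the hunk.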
@@ -321,6 +322,9 @@ public class AccountService {
URI accountUri = Urls.accountBase(uriInfo.getBaseUri()).path("/").build(realm.getName());
URI redirectUri = path != null ? accountUri.resolve(path) : accountUri;
+ if (referrer != null) {
+ redirectUri = redirectUri.resolve("?referrer=" + referrer);
+ }
NewCookie cookie = authManager.createAccountIdentityCookie(realm, accessCode.getUser(), client, Urls.accountBase(uriInfo.getBaseUri()).build(realm.getName()));
return Response.status(302).cookie(cookie).location(redirectUri).build();
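Review bot: `path` and `referrer` are now plain request query parameters (added at the top of `loginRedirect`) rather than values recovered from the server-issued state cookie, yet `accountUri.resolve(path)` and `redirectUri.resolve("?referrer=" + referrer)` feed them straight into the 302 Location that is sent together with the new identity cookie. `URI.resolve` returns an absolute reference unchanged, so a `path` that carries its own scheme or authority would send the freshly authenticated user to another origin; how strictly the auth server validates the registered redirect_uri, and how AdminService uses its own new `path` parameter, are not visible in this diff. Resolving `path` and then rejecting any result whose scheme or authority differs from `accountUri` closes that gap, and building the referrer with `UriBuilder.fromUri(redirectUri).queryParam("referrer", referrer).build()` matches the encoding done on the outbound side in the `login` hunk below (raw concatenation also makes `resolve` throw `IllegalArgumentException` on characters that are illegal in a query).
```java
URI accountUri = Urls.accountBase(uriInfo.getBaseUri()).path("/").build(realm.getName());
URI redirectUri = accountUri;
if (path != null) {
    URI target = accountUri.resolve(path);
    // only follow a relative path under the account console; any other origin is rejected
    if (!accountUri.getScheme().equals(target.getScheme())
            || !accountUri.getAuthority().equals(target.getAuthority())) {
        throw new BadRequestException();
    }
    redirectUri = target;
}
if (referrer != null) {
    redirectUri = UriBuilder.fromUri(redirectUri).queryParam("referrer", referrer).build();
}
// … unchanged: identity cookie creation and 302 response …
```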
@@ -346,15 +350,22 @@ public class AccountService {
oauth.setClientId(Constants.ACCOUNT_APPLICATION);
- URI accountUri = Urls.accountPageBuilder(uriInfo.getBaseUri()).path(AccountService.class, "loginRedirect").build(realm.getName());
+ UriBuilder uriBuilder = Urls.accountPageBuilder(uriInfo.getBaseUri()).path(AccountService.class, "loginRedirect");
+
+ if (path != null) {
+ uriBuilder.queryParam("path", path);
+ }
String referrer = getReferrer();
if (referrer != null) {
- path = (path != null ? path : "") + "?referrer=" + referrer;
+ uriBuilder.queryParam("referrer", referrer);
}
+ URI accountUri = uriBuilder.build(realm.getName());
+
+
oauth.setStateCookiePath(accountUri.getRawPath());
- return oauth.redirect(uriInfo, accountUri.toString(), path);
+ return oauth.redirect(uriInfo, accountUri.toString());
}
private AuthenticationManager.Auth getAuth(boolean error) {
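Review bot: `path` and `referrer` now ride on the redirect URI as query parameters and come back through `loginRedirect`'s `@QueryParam`s, but nothing in `login` says so, and a reader who remembers them living in the state cookie will not know where to look. A comment above `UriBuilder uriBuilder = Urls.accountPageBuilder(uriInfo.getBaseUri()).path(AccountService.class, "loginRedirect");` such as `// path and referrer are carried on redirect_uri and read back by loginRedirect's @QueryParams` would explain the move; the AdminService `login` hunk below deserves the same note. The two consecutive blank lines after `URI accountUri = uriBuilder.build(realm.getName());` should collapse to one.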
diff --git a/services/src/main/java/org/keycloak/services/resources/admin/AdminService.java b/services/src/main/java/org/keycloak/services/resources/admin/AdminService.java
index 0ae7163..8665803 100755
--- a/services/src/main/java/org/keycloak/services/resources/admin/AdminService.java
+++ b/services/src/main/java/org/keycloak/services/resources/admin/AdminService.java
@@ -235,10 +235,15 @@ public class AdminService {
logger.debug("authUrl: {0}", authUrl);
oauth.setAuthUrl(authUrl);
oauth.setClientId(Constants.ADMIN_CONSOLE_APPLICATION);
- URI redirectUri = uriInfo.getBaseUriBuilder().path(AdminService.class).path(AdminService.class, "loginRedirect").build();
+
+ UriBuilder redirectBuilder = uriInfo.getBaseUriBuilder().path(AdminService.class).path(AdminService.class, "loginRedirect");
+ if (path != null) {
+ redirectBuilder.queryParam("path", path);
+ }
+ URI redirectUri = redirectBuilder.build();
logger.debug("redirectUri: {0}", redirectUri.toString());
oauth.setStateCookiePath(redirectUri.getRawPath());
- return oauth.redirect(uriInfo, redirectUri.toString(), path);
+ return oauth.redirect(uriInfo, redirectUri.toString());
}
@Path("login-error")
@@ -263,6 +268,7 @@ public class AdminService {
public Response loginRedirect(@QueryParam("code") String code,
@QueryParam("state") String state,
@QueryParam("error") String error,
+ @QueryParam("path") String path,
@Context HttpHeaders headers
) {
@@ -293,7 +299,7 @@ public class AdminService {
logger.debug("state not specified");
return redirectOnLoginError("invalid login data");
}
- String path = new JaxrsOAuthClient().checkStateCookie(uriInfo, headers);
+ new JaxrsOAuthClient().checkStateCookie(uriInfo, headers);
JWSInput input = new JWSInput(code);
boolean verifiedCode = false;