Java Code Examples for org.keycloak.representations.idm.ClientRepresentation#getRedirectUris()

The following examples show how to use org.keycloak.representations.idm.ClientRepresentation#getRedirectUris() . You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example 1
Source File: AbstractAdapterTest.java    From keycloak with Apache License 2.0 6 votes vote down vote up
protected void modifyClientRedirectUris(RealmRepresentation realm, String regex, String... replacement) {
    if (realm.getClients() != null) {
        for (ClientRepresentation client : realm.getClients()) {
            List<String> redirectUris = client.getRedirectUris();
            if (redirectUris != null) {
                List<String> newRedirectUris = new ArrayList<>();
                for (String uri : redirectUris) {
                    for (String uriReplacement : replacement) {
                        newRedirectUris.add(uri.replaceAll(regex, uriReplacement));
                    }

                }
                client.setRedirectUris(newRedirectUris);
            }
        }
    }
}
 
Example 2
Source File: AbstractAdapterTest.java    From keycloak with Apache License 2.0 6 votes vote down vote up
/**
 * Modifies baseUrl, adminUrl and redirectUris for client based on real
 * deployment url of the app.
 *
 * @param realm
 * @param clientId
 * @param deploymentUrl
 */
protected void fixClientUrisUsingDeploymentUrl(RealmRepresentation realm, String clientId, String deploymentUrl) {
    for (ClientRepresentation client : realm.getClients()) {
        if (clientId.equals(client.getClientId())) {
            if (client.getBaseUrl() != null) {
                client.setBaseUrl(deploymentUrl);
            }
            if (client.getAdminUrl() != null) {
                client.setAdminUrl(deploymentUrl);
            }
            List<String> redirectUris = client.getRedirectUris();
            if (redirectUris != null) {
                List<String> newRedirectUris = new ArrayList<>();
                for (String uri : redirectUris) {
                    newRedirectUris.add(deploymentUrl + "/*");
                }
                client.setRedirectUris(newRedirectUris);
            }
        }
    }
}
 
Example 3
Source File: ClientValidator.java    From keycloak with Apache License 2.0 6 votes vote down vote up
/**
 * Checks if the Client's Redirect URIs doesn't contain any URI fragments (like http://example.org/auth#fragment)
 *
 * @see <a href="https://issues.jboss.org/browse/KEYCLOAK-3421">KEYCLOAK-3421</a>
 * @param client
 * @param messages
 * @return true if Redirect URIs doesn't contain any URI with fragments
 */
public static boolean validate(ClientRepresentation client, ValidationMessages messages) {
    boolean isValid = true;

    if (client.getRedirectUris() != null) {
        long urisWithFragmentCount = client.getRedirectUris().stream().filter(p -> p.contains("#")).count();
        if (urisWithFragmentCount > 0) {
            messages.add("redirectUris", "Redirect URIs must not contain an URI fragment", "clientRedirectURIsFragmentError");
            isValid = false;
        }
    }

    if (client.getRootUrl() != null && client.getRootUrl().contains("#")) {
        messages.add("rootUrl", "Root URL must not contain an URL fragment", "clientRootURLFragmentError");
        isValid = false;
    }

    return isValid;
}
 
Example 4
Source File: CASLoginProtocolFactory.java    From keycloak-protocol-cas with Apache License 2.0 5 votes vote down vote up
@Override
public void setupClientDefaults(ClientRepresentation rep, ClientModel newClient) {
    if (rep.getRootUrl() != null && (rep.getRedirectUris() == null || rep.getRedirectUris().isEmpty())) {
        String root = rep.getRootUrl();
        if (root.endsWith("/")) root = root + "*";
        else root = root + "/*";
        newClient.addRedirectUri(root);
    }

    if (rep.getAdminUrl() == null && rep.getRootUrl() != null) {
        newClient.setManagementUrl(rep.getRootUrl());
    }
}
 
Example 5
Source File: AbstractKeycloakTest.java    From keycloak with Apache License 2.0 5 votes vote down vote up
public void fixAuthServerHostAndPortForClientRepresentation(ClientRepresentation cr) {
    cr.setBaseUrl(removeDefaultPorts(replaceAuthHostWithRealHost(cr.getBaseUrl())));
    cr.setAdminUrl(removeDefaultPorts(replaceAuthHostWithRealHost(cr.getAdminUrl())));

    if (cr.getRedirectUris() != null && !cr.getRedirectUris().isEmpty()) {
        List<String> fixedUrls = new ArrayList<>(cr.getRedirectUris().size());
        for (String url : cr.getRedirectUris()) {
            fixedUrls.add(removeDefaultPorts(replaceAuthHostWithRealHost(url)));
        }

        cr.setRedirectUris(fixedUrls);
    }
}
 
Example 6
Source File: AbstractKeycloakTest.java    From keycloak with Apache License 2.0 5 votes vote down vote up
private void modifyRedirectUrls(ClientRepresentation cr) {
    if (cr.getRedirectUris() != null && cr.getRedirectUris().size() > 0) {
        List<String> redirectUrls = cr.getRedirectUris();
        List<String> fixedRedirectUrls = new ArrayList<>(redirectUrls.size());
        for (String url : redirectUrls) {
            fixedRedirectUrls.add(replaceHttpValuesWithHttps(url));
        }
        cr.setRedirectUris(fixedRedirectUrls);
    }
}
 
Example 7
Source File: ClientManager.java    From keycloak with Apache License 2.0 5 votes vote down vote up
public void addRedirectUris(String... redirectUris) {
    ClientRepresentation app = clientResource.toRepresentation();
    if (app.getRedirectUris() == null) {
        app.setRedirectUris(new LinkedList<String>());
    }
    for (String redirectUri : redirectUris) {
        app.getRedirectUris().add(redirectUri);
    }
    clientResource.update(app);
}
 
Example 8
Source File: ClientManager.java    From keycloak with Apache License 2.0 5 votes vote down vote up
public void removeRedirectUris(String... redirectUris) {
    ClientRepresentation app = clientResource.toRepresentation();
    for (String redirectUri : redirectUris) {
        if (app.getRedirectUris() != null) {
            app.getRedirectUris().remove(redirectUri);
        }
    }
    clientResource.update(app);
}
 
Example 9
Source File: OIDCLoginProtocolFactory.java    From keycloak with Apache License 2.0 5 votes vote down vote up
@Override
public void setupClientDefaults(ClientRepresentation rep, ClientModel newClient) {
    if (rep.getRootUrl() != null && (rep.getRedirectUris() == null || rep.getRedirectUris().isEmpty())) {
        String root = rep.getRootUrl();
        if (root.endsWith("/")) root = root + "*";
        else root = root + "/*";
        newClient.addRedirectUri(root);

        Set<String> origins = new HashSet<String>();
        String origin = UriUtils.getOrigin(root);
        logger.debugv("adding default client origin: {0}" , origin);
        origins.add(origin);
        newClient.setWebOrigins(origins);
    }
    if (rep.isBearerOnly() == null
            && rep.isPublicClient() == null) {
        newClient.setPublicClient(true);
    }
    if (rep.isBearerOnly() == null) newClient.setBearerOnly(false);
    if (rep.getAdminUrl() == null && rep.getRootUrl() != null) {
        newClient.setManagementUrl(rep.getRootUrl());
    }


    // Backwards compatibility only
    if (rep.isDirectGrantsOnly() != null) {
        ServicesLogger.LOGGER.usingDeprecatedDirectGrantsOnly();
        newClient.setStandardFlowEnabled(!rep.isDirectGrantsOnly());
        newClient.setDirectAccessGrantsEnabled(rep.isDirectGrantsOnly());
    } else {
        if (rep.isStandardFlowEnabled() == null) newClient.setStandardFlowEnabled(true);
        if (rep.isDirectAccessGrantsEnabled() == null) newClient.setDirectAccessGrantsEnabled(true);

    }

    if (rep.isImplicitFlowEnabled() == null) newClient.setImplicitFlowEnabled(false);
    if (rep.isPublicClient() == null) newClient.setPublicClient(true);
    if (rep.isFrontchannelLogout() == null) newClient.setFrontchannelLogout(false);
}
 
Example 10
Source File: PairwiseClientValidator.java    From keycloak with Apache License 2.0 5 votes vote down vote up
public static boolean validate(KeycloakSession session, ClientRepresentation client, ValidationMessages messages) {
    String rootUrl = client.getRootUrl();
    Set<String> redirectUris = new HashSet<>();
    boolean valid = true;

    List<ProtocolMapperRepresentation> foundPairwiseMappers = PairwiseSubMapperUtils.getPairwiseSubMappers(client);

    for (ProtocolMapperRepresentation foundPairwise : foundPairwiseMappers) {
        String sectorIdentifierUri = PairwiseSubMapperHelper.getSectorIdentifierUri(foundPairwise);
        if (client.getRedirectUris() != null) redirectUris.addAll(client.getRedirectUris());
        valid = valid && validate(session, rootUrl, redirectUris, sectorIdentifierUri, messages);
    }

    return true;
}
 
Example 11
Source File: TrustedHostClientRegistrationPolicy.java    From keycloak with Apache License 2.0 5 votes vote down vote up
protected void verifyClientUrls(ClientRegistrationContext context) throws ClientRegistrationPolicyException {
    boolean redirectUriMustMatch = isClientUrisMustMatch();
    if (!redirectUriMustMatch) {
        return;
    }

    List<String> trustedHosts = getTrustedHosts();
    List<String> trustedDomains = getTrustedDomains();

    ClientRepresentation client = context.getClient();
    String rootUrl = client.getRootUrl();
    String baseUrl = client.getBaseUrl();
    String adminUrl = client.getAdminUrl();
    List<String> redirectUris = client.getRedirectUris();

    baseUrl = relativeToAbsoluteURI(rootUrl, baseUrl);
    adminUrl = relativeToAbsoluteURI(rootUrl, adminUrl);
    Set<String> resolvedRedirects = PairwiseSubMapperUtils.resolveValidRedirectUris(rootUrl, redirectUris);

    if (rootUrl != null) {
        checkURLTrusted(rootUrl, trustedHosts, trustedDomains);
    }

    if (baseUrl != null) {
        checkURLTrusted(baseUrl, trustedHosts, trustedDomains);
    }
    if (adminUrl != null) {
        checkURLTrusted(adminUrl, trustedHosts, trustedDomains);
    }
    for (String redirect : resolvedRedirects) {
        checkURLTrusted(redirect, trustedHosts, trustedDomains);
    }

}