[#1762] enh: follow desired request scheme when doing redirection #1727

Merged
merged 1 commit into from
Sep 20, 2024
Expand Up @@ -81,7 +81,7 @@ protected boolean onLoginSuccess(AuthenticationToken token, Subject subject, Ser
ServletResponse response) throws Exception {
if (request instanceof HttpServletRequest) {
FallbackPredicate loginFallbackType = (FallbackPredicate) request.getAttribute(LOGIN_PREDICATE_ATTR_NAME);
redirectToSaved(WebUtils.toHttp(request), WebUtils.toHttp(response), loginFallbackType, "");
redirectToSaved(WebUtils.toHttp(request), WebUtils.toHttp(response), loginFallbackType, "/");
}
return false;
}
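Review bot: The fallback path `"/"` is now hard-coded in three call sites (this hunk plus `redirectIfLoggedIn()` and `login(...)` in the next file), so a future change has to find all three; one `private static final String` constant, e.g. `ROOT_FALLBACK_PATH = "/"`, referenced from each call site would keep them in sync. Presumably the empty fallback was replaced because the new `sendRedirect` override appends the location straight onto the domain URL and an empty string would have produced a host-only redirect — that reason belongs in a comment on the constant, since nothing in the hunk explains the change. `redirectToSaved` itself is outside this hunk, so how it treats the fallback argument is not visible here.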
Expand Up @@ -93,7 +93,7 @@ public boolean isLoggedIn() {
}

public boolean redirectIfLoggedIn() {
return redirectIfLoggedIn("");
return redirectIfLoggedIn("/");
}

public boolean redirectIfLoggedIn(String view) {
Expand Down Expand Up @@ -155,7 +155,7 @@ public static void redirectToView(FallbackPredicate useFallbackPath, String fall
public static void login(String username, String password, boolean rememberMe) {
try {
SecurityUtils.getSubject().login(new UsernamePasswordToken(username, password, rememberMe));
redirectToSaved(Faces.getRequestAttribute(LOGIN_PREDICATE_ATTR_NAME), "");
redirectToSaved(Faces.getRequestAttribute(LOGIN_PREDICATE_ATTR_NAME), "/");
} catch (AuthenticationException e) {
Faces.setFlashAttribute(DEFAULT_ERROR_KEY_ATTRIBUTE_NAME, e);
int loginFailedWaitTime = Faces.getRequestAttribute(LOGIN_WAITTIME_ATTR_NAME);
Expand Up @@ -50,6 +50,7 @@
import org.apache.shiro.session.SessionException;
import org.apache.shiro.subject.Subject;
import org.apache.shiro.subject.SubjectContext;
import static org.apache.shiro.ee.listeners.EnvironmentLoaderListener.isShiroEERedirectDisabled;
import static org.apache.shiro.web.filter.authz.SslFilter.HTTPS_SCHEME;
import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
import org.apache.shiro.web.mgt.WebSecurityManager;
Expand All @@ -58,6 +59,7 @@
import org.apache.shiro.web.subject.WebSubjectContext;
import org.apache.shiro.web.util.WebUtils;
import org.omnifaces.util.Servlets;
import org.omnifaces.util.Utils;

/**
* Stops JEE server from interpreting Shiro principal as direct EJB principal,
Expand All @@ -83,7 +85,7 @@ private static class WrappedRequest extends ShiroHttpServletRequest {
@Getter(value = AccessLevel.PRIVATE, lazy = true)
private final boolean httpsNeeded = createHttpButNeedHttps();
@Getter(value = AccessLevel.PRIVATE, lazy = true)
private final StringBuffer secureRequestURL = rewriteHttpToHttps();
private final StringBuffer secureRequestURL = httpsRequestURL();

WrappedRequest(HttpServletRequest wrapped, ServletContext servletContext, boolean httpSessions) {
super(wrapped, servletContext, httpSessions);
Expand Down Expand Up @@ -127,7 +129,7 @@ private boolean createHttpButNeedHttps() {
.getHeader(X_FORWARDED_PROTO));
}

private StringBuffer rewriteHttpToHttps() {
private StringBuffer httpsRequestURL() {
return new StringBuffer(HTTP_TO_HTTPS.matcher(super.getRequestURL())
.replaceFirst(HTTPS_SCHEME + "$1"));
}
Expand All @@ -147,6 +149,15 @@ public void addCookie(Cookie cookie) {
super.addCookie(cookie);
}
}

@Override
public void sendRedirect(String location) throws IOException {
if (!Utils.startsWithOneOf(location, "http://", "https://")
&& !isShiroEERedirectDisabled(request.getServletContext())) {
location = Servlets.getRequestDomainURL(WebUtils.toHttp(request)) + location;
}
super.sendRedirect(location);
}
}

@RequiredArgsConstructor
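Review bot: A relative `location` that does not begin with `/` is glued directly onto the domain URL in the new `sendRedirect` override — as a constructed example, `login.xhtml` would become `https://host.examplelogin.xhtml` — whereas the servlet contract resolves such a path against the current request URI. The narrowest fix is to absolutize only root-relative paths: `if (location.startsWith("/") && !isShiroEERedirectDisabled(request.getServletContext()))` (a location starting with `/` can never start with `http://` or `https://`, so that prefix test becomes redundant); if relative paths must also follow the desired scheme, resolve them against the full request URL with `java.net.URI.resolve` rather than string concatenation. The scheme of the produced URL comes from whatever `getRequestURL()` returns on the wrapped request, which per `createHttpButNeedHttps` (its body starts outside this hunk) appears to be driven by the `X_FORWARDED_PROTO` header, so the deployment should ensure a trusted reverse proxy sets or overwrites that header rather than the client. A short Javadoc on the override stating that it turns root-relative redirects into absolute URLs so the proxy-facing scheme is honoured, and that `org.apache.shiro.ee.redirect.disabled` switches this off, would help the next reader. The enclosing response wrapper class begins before this hunk.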
Expand Up @@ -33,6 +33,7 @@
@WebListener
public class EnvironmentLoaderListener extends EnvironmentLoader implements ServletContextListener {
private static final String SHIRO_EE_DISABLED_PARAM = "org.apache.shiro.ee.disabled";
private static final String SHIRO_EE_REDIRECT_DISABLED_PARAM = "org.apache.shiro.ee.redirect.disabled";
private static final String FORM_RESUBMIT_DISABLED_PARAM = "org.apache.shiro.form-resubmit.disabled";
private static final String FORM_RESUBMIT_SECURE_COOKIES = "org.apache.shiro.form-resubmit.secure-cookies";
private static final String SHIRO_WEB_DISABLE_PRINCIPAL_PARAM = "org.apache.shiro.web.disable-principal";
Expand All @@ -41,6 +42,10 @@ public static boolean isShiroEEDisabled(ServletContext ctx) {
return Boolean.TRUE.equals(ctx.getAttribute(SHIRO_EE_DISABLED_PARAM));
}

public static boolean isShiroEERedirectDisabled(ServletContext ctx) {
return Boolean.TRUE.equals(ctx.getAttribute(SHIRO_EE_REDIRECT_DISABLED_PARAM));
}

public static boolean isFormResubmitDisabled(ServletContext ctx) {
return Boolean.TRUE.equals(ctx.getAttribute(FORM_RESUBMIT_DISABLED_PARAM));
}
Expand All @@ -58,6 +63,9 @@ public void contextInitialized(ServletContextEvent sce) {
if (Boolean.parseBoolean(sce.getServletContext().getInitParameter(SHIRO_EE_DISABLED_PARAM))) {
sce.getServletContext().setAttribute(SHIRO_EE_DISABLED_PARAM, Boolean.TRUE);
}
if (Boolean.parseBoolean(sce.getServletContext().getInitParameter(SHIRO_EE_REDIRECT_DISABLED_PARAM))) {
sce.getServletContext().setAttribute(SHIRO_EE_REDIRECT_DISABLED_PARAM, Boolean.TRUE);
}
if (Boolean.parseBoolean(sce.getServletContext().getInitParameter(FORM_RESUBMIT_DISABLED_PARAM))) {
sce.getServletContext().setAttribute(FORM_RESUBMIT_DISABLED_PARAM, Boolean.TRUE);
}
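Review bot: `isShiroEERedirectDisabled` and the new `org.apache.shiro.ee.redirect.disabled` init parameter carry no Javadoc or other documentation in this change, and since the flag alters how every redirect is built, a reader of the listener cannot tell what it disables. Suggested Javadoc on the method: `/** Whether the absolute-URL rewrite done by the Shiro EE response wrapper's sendRedirect override has been disabled via the {@code org.apache.shiro.ee.redirect.disabled} init parameter. */`. The repeated `if (Boolean.parseBoolean(sce.getServletContext().getInitParameter(X))) setAttribute(X, Boolean.TRUE)` pattern (three instances visible in this hunk) could share a small private helper taking the parameter name, which would also make the next flag a one-line addition. The body of `contextInitialized` continues outside the hunk.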