From ad1f0f2f964ce6114a8a67959c469398b4ca3987 Mon Sep 17 00:00:00 2001 From: chasegawa Date: Fri, 16 Aug 2024 15:25:04 -0700 Subject: [PATCH] NOJIRA: Support for callback URL not ending with "callback" Added additional property for callbackSuffix - callback url suffix doesn't have to be "/callback" now (still the default). --- .../pac4j/Pac4jConfigurationProperties.java | 3 ++- .../shibui/pac4j/Pac4jSpringSecurityConfig.java | 5 +++-- .../shibui/pac4j/ShibuiCallbackFilter.java | 17 +++++++++++++++++ 3 files changed, 22 insertions(+), 3 deletions(-) diff --git a/pac4j-module/src/main/java/net/unicon/shibui/pac4j/Pac4jConfigurationProperties.java b/pac4j-module/src/main/java/net/unicon/shibui/pac4j/Pac4jConfigurationProperties.java index 19507d1c0..739320147 100644 --- a/pac4j-module/src/main/java/net/unicon/shibui/pac4j/Pac4jConfigurationProperties.java +++ b/pac4j-module/src/main/java/net/unicon/shibui/pac4j/Pac4jConfigurationProperties.java @@ -17,6 +17,7 @@ public class Pac4jConfigurationProperties { final static String DEFAULT_AUTH_HEADER = "REMOTE_USER"; private String authenticationHeader = DEFAULT_AUTH_HEADER; + private String callbackSuffix = "/callback"; private String callbackUrl; private boolean forceServiceProviderMetadataGeneration = false; private String identityProviderMetadataPath = "/tmp/idp-metadata.xml"; @@ -32,7 +33,7 @@ public class Pac4jConfigurationProperties { private String postLogoutURL; private boolean wantAssertionsSigned = true; - + @Getter @Setter public static class SimpleProfileMapping { diff --git a/pac4j-module/src/main/java/net/unicon/shibui/pac4j/Pac4jSpringSecurityConfig.java b/pac4j-module/src/main/java/net/unicon/shibui/pac4j/Pac4jSpringSecurityConfig.java index 6810b5ee9..f3c64ec4a 100644 --- a/pac4j-module/src/main/java/net/unicon/shibui/pac4j/Pac4jSpringSecurityConfig.java +++ b/pac4j-module/src/main/java/net/unicon/shibui/pac4j/Pac4jSpringSecurityConfig.java @@ -92,8 +92,9 @@ public SecurityFilterChain filterChain(HttpSecurity http) throws Exception { // add correct auth filter switch (pac4jConfigurationProperties.getTypeOfAuth()) { case "SAML2": - ShibuiCallbackFilter callbackFilter = new ShibuiCallbackFilter(this.config); - http.securityMatcher("/callback*").addFilterBefore(callbackFilter, BasicAuthenticationFilter.class); + String callbackSuffix = pac4jConfigurationProperties.getCallbackSuffix(); + ShibuiCallbackFilter callbackFilter = new ShibuiCallbackFilter(this.config, callbackSuffix); + http.securityMatcher(callbackSuffix +"*").addFilterBefore(callbackFilter, BasicAuthenticationFilter.class); break; case "HEADER": final SecurityFilter securityFilterForHeader = new SecurityFilter(this.config, PAC4J_CLIENT_NAME); diff --git a/pac4j-module/src/main/java/net/unicon/shibui/pac4j/ShibuiCallbackFilter.java b/pac4j-module/src/main/java/net/unicon/shibui/pac4j/ShibuiCallbackFilter.java index 1963de981..f5b6c24e6 100644 --- a/pac4j-module/src/main/java/net/unicon/shibui/pac4j/ShibuiCallbackFilter.java +++ b/pac4j-module/src/main/java/net/unicon/shibui/pac4j/ShibuiCallbackFilter.java @@ -55,6 +55,23 @@ protected HttpAction redirectToOriginallyRequestedUrl(CallContext ctx, String de setConfig(config); } + public ShibuiCallbackFilter(Config config, String callbackSuffix) { + // Added this because we were seeing odd behavior where the favicon request was getting in the mix and the return to the + // dashboard url was getting lost. + config.setCallbackLogicIfUndefined(new DefaultCallbackLogic() { + @Override + protected HttpAction redirectToOriginallyRequestedUrl(CallContext ctx, String defaultUrl) { + HttpAction action = super.redirectToOriginallyRequestedUrl(ctx, defaultUrl); + if (action instanceof SeeOtherAction && ((SeeOtherAction) action).getLocation().contains("favicon")) { + return new FoundAction(defaultUrl); + } + return action; + } + }); + setConfig(config); + suffix = callbackSuffix; + } + @Override public void init(final FilterConfig filterConfig) throws ServletException { super.init(filterConfig);