From 78d60b473c218c1d9a390005cf683cbadf6d4360 Mon Sep 17 00:00:00 2001
From: Sergey Beryozkin
Date: Wed, 6 Jul 2022 22:17:33 +0100
Subject: [PATCH] Strip the scheme value from the OIDC proxy host
---
.../KeycloakPolicyEnforcerRecorder.java | 8 +++-
extensions/oidc-common/runtime/pom.xml | 5 +++
.../oidc/common/runtime/OidcCommonUtils.java | 9 +++-
.../common/runtime/OidcCommonUtilsTest.java | 45 +++++++++++++++++++
4 files changed, 64 insertions(+), 3 deletions(-)
create mode 100644 extensions/oidc-common/runtime/src/test/java/io/quarkus/oidc/common/runtime/OidcCommonUtilsTest.java
diff --git a/extensions/keycloak-authorization/runtime/src/main/java/io/quarkus/keycloak/pep/runtime/KeycloakPolicyEnforcerRecorder.java b/extensions/keycloak-authorization/runtime/src/main/java/io/quarkus/keycloak/pep/runtime/KeycloakPolicyEnforcerRecorder.java
index 12047157ab20b..cb59aa64574b7 100644
--- a/extensions/keycloak-authorization/runtime/src/main/java/io/quarkus/keycloak/pep/runtime/KeycloakPolicyEnforcerRecorder.java
+++ b/extensions/keycloak-authorization/runtime/src/main/java/io/quarkus/keycloak/pep/runtime/KeycloakPolicyEnforcerRecorder.java
@@ -1,5 +1,6 @@
package io.quarkus.keycloak.pep.runtime;
+import java.net.URI;
import java.util.HashMap;
import java.util.Map;
import java.util.Optional;
@@ -90,8 +91,11 @@ private static PolicyEnforcer createPolicyEnforcer(OidcTenantConfig oidcConfig,
adapterConfig.setConnectionPoolSize(keycloakPolicyEnforcerConfig.connectionPoolSize);
if (oidcConfig.proxy.host.isPresent()) {
- adapterConfig.setProxyUrl(oidcConfig.proxy.host.get() + ":"
- + oidcConfig.proxy.port);
+ String host = oidcConfig.proxy.host.get();
+ if (!host.startsWith("http://") && !host.startsWith("https://")) {
+ host = URI.create(authServerUrl).getScheme() + "://" + host;
+ }
+ adapterConfig.setProxyUrl(host + ":" + oidcConfig.proxy.port);
}
PolicyEnforcerConfig enforcerConfig = getPolicyEnforcerConfig(keycloakPolicyEnforcerConfig,
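Review bot: The scheme test on the new `if` line is a case-sensitive `startsWith`, while the same configuration value is recognised in OidcCommonUtils.toProxyOptions (also in this commit) through `URI.create(...).getHost()`, which accepts any scheme case; a value such as `HTTP://proxy` therefore passes there but here gets a second scheme prepended, yielding `https://HTTP://proxy:8080`. Comparing on `host.toLowerCase(Locale.ROOT)` keeps the two extensions in agreement. `URI.create(authServerUrl).getScheme()` returns null when the auth server URL carries no scheme, which would produce `null://proxy`; if that configuration is possible, default the scheme explicitly, e.g. `String scheme = Objects.requireNonNullElse(URI.create(authServerUrl).getScheme(), "http");`. Reusing the auth server's scheme for the proxy is an assumption worth recording, e.g. `// No explicit scheme: assume the proxy is reached over the same scheme as the auth server`. createPolicyEnforcer starts before this hunk and continues after it.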
diff --git a/extensions/oidc-common/runtime/pom.xml b/extensions/oidc-common/runtime/pom.xml
index 0044d2e98f444..f33160893a635 100644
--- a/extensions/oidc-common/runtime/pom.xml
+++ b/extensions/oidc-common/runtime/pom.xml
@@ -42,6 +42,11 @@
io.quarkus quarkus-smallrye-jwt-build
+
+ io.quarkus
+ quarkus-junit5-internal
+ test
+
diff --git a/extensions/oidc-common/runtime/src/main/java/io/quarkus/oidc/common/runtime/OidcCommonUtils.java b/extensions/oidc-common/runtime/src/main/java/io/quarkus/oidc/common/runtime/OidcCommonUtils.java
index 5ad51f3bc1e1f..c5abaa1879145 100644
--- a/extensions/oidc-common/runtime/src/main/java/io/quarkus/oidc/common/runtime/OidcCommonUtils.java
+++ b/extensions/oidc-common/runtime/src/main/java/io/quarkus/oidc/common/runtime/OidcCommonUtils.java
@@ -228,7 +228,14 @@ public static Optional toProxyOptions(OidcCommonConfig.Proxy proxy
return Optional.empty();
}
JsonObject jsonOptions = new JsonObject();
- jsonOptions.put("host", proxyConfig.host.get());
+ // Vert.x Client currently does not expect a host having a scheme but keycloak-authorization expects scheme and host.
+ // Having a dedicated scheme property is probably better, but since it is property is not taken into account in Vertx Client
+ // it does not really make sense as it can send a misleading message that users can choose between `http` and `https`.
+ String host = URI.create(proxyConfig.host.get()).getHost();
+ if (host == null) {
+ host = proxyConfig.host.get();
+ }
+ jsonOptions.put("host", host);
jsonOptions.put("port", proxyConfig.port);
if (proxyConfig.username.isPresent()) {
jsonOptions.put("username", proxyConfig.username.get());
diff --git a/extensions/oidc-common/runtime/src/test/java/io/quarkus/oidc/common/runtime/OidcCommonUtilsTest.java b/extensions/oidc-common/runtime/src/test/java/io/quarkus/oidc/common/runtime/OidcCommonUtilsTest.java
new file mode 100644
index 0000000000000..c4ccd112ba24f
--- /dev/null
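Review bot: The new `URI.create(proxyConfig.host.get()).getHost()` line keeps only the host component, so a value such as `http://proxyuser@proxy:3128` silently loses its port and user-info and the connection is made to `proxyConfig.port` with `proxyConfig.username`/`password` instead — a quiet misconfiguration rather than an error. Parse the value once into a local `URI proxyUri` and reject (or at least log) one whose `getPort() != -1` or `getUserInfo() != null`, so the operator learns that only the host is honoured here. `URI.create` also throws `IllegalArgumentException` on characters not allowed in a URI, so a malformed host value now fails with a parser message instead of a configuration error naming the property; catching and rethrowing with that context, or documenting it, would help. The comment above the new line has a garbled clause; `since that property is not taken into account in the Vert.x client` reads cleanly. toProxyOptions starts before this hunk and continues after it.
```java
URI proxyUri = URI.create(proxyConfig.host.get());
String host = proxyUri.getHost();
if (host == null) {
    host = proxyConfig.host.get();
} else if (proxyUri.getPort() != -1 || proxyUri.getUserInfo() != null) {
    // Only the host component is used below; a port or user-info embedded in the value would be dropped silently.
    throw new IllegalArgumentException(
            "OIDC proxy host must not contain a port or user info; configure the proxy port, username and password separately");
}
jsonOptions.put("host", host);
// … unchanged: port, username and password options …
```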
+++ b/extensions/oidc-common/runtime/src/test/java/io/quarkus/oidc/common/runtime/OidcCommonUtilsTest.java
@@ -0,0 +1,45 @@
+package io.quarkus.oidc.common.runtime;
+
+import static org.junit.jupiter.api.Assertions.assertEquals;
+
+import java.net.URI;
+import java.util.Optional;
+
+import org.junit.jupiter.api.Test;
+
+import io.vertx.core.net.ProxyOptions;
+
+public class OidcCommonUtilsTest {
+
+ @Test
+ public void testProxyOptionsWithHostWithoutScheme() throws Exception {
+ OidcCommonConfig.Proxy config = new OidcCommonConfig.Proxy();
+ config.host = Optional.of("localhost");
+ config.port = 8080;
+ config.username = Optional.of("user");
+ config.password = Optional.of("password");
+
+ ProxyOptions options = OidcCommonUtils.toProxyOptions(config).get();
+ assertEquals("localhost", options.getHost());
+ assertEquals(8080, options.getPort());
+ assertEquals("user", options.getUsername());
+ assertEquals("password", options.getPassword());
+ }
+
+ @Test
+ public void testProxyOptionsWithHostWithScheme() throws Exception {
+ OidcCommonConfig.Proxy config = new OidcCommonConfig.Proxy();
+ config.host = Optional.of("http://localhost");
+ config.port = 8080;
+ config.username = Optional.of("user");
+ config.password = Optional.of("password");
+
+ assertEquals("http", URI.create(config.host.get()).getScheme());
+
+ ProxyOptions options = OidcCommonUtils.toProxyOptions(config).get();
+ assertEquals("localhost", options.getHost());
+ assertEquals(8080, options.getPort());
+ assertEquals("user", options.getUsername());
+ assertEquals("password", options.getPassword());
+ }
+}
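Review bot: Both tests use `localhost` with and without `http://`, which are inputs where the new parsing and the old pass-through agree on the host; the cases where they differ — an `https://` value, a host with an embedded port such as `https://localhost:3128`, and a scheme-less `localhost:3128` (which `URI.create` parses as scheme `localhost` with no host, so the fallback branch runs and the whole string is used) — are not covered. A case along the lines below pins the embedded-port decision; its port assertion should match whatever toProxyOptions is meant to do with such a value, whether it ignores the embedded port or rejects it.
```java
@Test
public void testProxyOptionsWithHostWithSchemeAndPort() throws Exception {
    OidcCommonConfig.Proxy config = new OidcCommonConfig.Proxy();
    config.host = Optional.of("https://localhost:3128");
    config.port = 8080;
    config.username = Optional.of("user");
    config.password = Optional.of("password");

    ProxyOptions options = OidcCommonUtils.toProxyOptions(config).get();
    assertEquals("localhost", options.getHost());
    // Embedded port is currently ignored in favour of the configured port; adjust if such values are rejected instead.
    assertEquals(8080, options.getPort());
}
```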