Skip to content

Commit

Permalink
Merge pull request #26608 from sberyozkin/keycloak_authorization_prox…
Browse files Browse the repository at this point in the history
…y_scheme

Strip the scheme value from the OIDC proxy host
  • Loading branch information
gsmet authored Jul 12, 2022
2 parents fea3e8a + 78d60b4 commit 19cba3c
Show file tree
Hide file tree
Showing 4 changed files with 64 additions and 3 deletions.
Original file line number Diff line number Diff line change
@@ -1,5 +1,6 @@
package io.quarkus.keycloak.pep.runtime;

import java.net.URI;
import java.util.HashMap;
import java.util.Map;
import java.util.Optional;
Expand Down Expand Up @@ -90,8 +91,11 @@ private static PolicyEnforcer createPolicyEnforcer(OidcTenantConfig oidcConfig,
adapterConfig.setConnectionPoolSize(keycloakPolicyEnforcerConfig.connectionPoolSize);

if (oidcConfig.proxy.host.isPresent()) {
adapterConfig.setProxyUrl(oidcConfig.proxy.host.get() + ":"
+ oidcConfig.proxy.port);
String host = oidcConfig.proxy.host.get();
if (!host.startsWith("http://") && !host.startsWith("https://")) {
host = URI.create(authServerUrl).getScheme() + "://" + host;
}
adapterConfig.setProxyUrl(host + ":" + oidcConfig.proxy.port);
}

PolicyEnforcerConfig enforcerConfig = getPolicyEnforcerConfig(keycloakPolicyEnforcerConfig,
Expand Down
5 changes: 5 additions & 0 deletions extensions/oidc-common/runtime/pom.xml
Original file line number Diff line number Diff line change
Expand Up @@ -42,6 +42,11 @@
<groupId>io.quarkus</groupId>
<artifactId>quarkus-smallrye-jwt-build</artifactId>
</dependency>
<dependency>
<groupId>io.quarkus</groupId>
<artifactId>quarkus-junit5-internal</artifactId>
<scope>test</scope>
</dependency>
</dependencies>

<build>
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -228,7 +228,14 @@ public static Optional<ProxyOptions> toProxyOptions(OidcCommonConfig.Proxy proxy
return Optional.empty();
}
JsonObject jsonOptions = new JsonObject();
jsonOptions.put("host", proxyConfig.host.get());
// Vert.x Client currently does not expect a host having a scheme but keycloak-authorization expects scheme and host.
// Having a dedicated scheme property is probably better, but since it is property is not taken into account in Vertx Client
// it does not really make sense as it can send a misleading message that users can choose between `http` and `https`.
String host = URI.create(proxyConfig.host.get()).getHost();
if (host == null) {
host = proxyConfig.host.get();
}
jsonOptions.put("host", host);
jsonOptions.put("port", proxyConfig.port);
if (proxyConfig.username.isPresent()) {
jsonOptions.put("username", proxyConfig.username.get());
Expand Down
Original file line number Diff line number Diff line change
@@ -0,0 +1,45 @@
package io.quarkus.oidc.common.runtime;

import static org.junit.jupiter.api.Assertions.assertEquals;

import java.net.URI;
import java.util.Optional;

import org.junit.jupiter.api.Test;

import io.vertx.core.net.ProxyOptions;

public class OidcCommonUtilsTest {

@Test
public void testProxyOptionsWithHostWithoutScheme() throws Exception {
OidcCommonConfig.Proxy config = new OidcCommonConfig.Proxy();
config.host = Optional.of("localhost");
config.port = 8080;
config.username = Optional.of("user");
config.password = Optional.of("password");

ProxyOptions options = OidcCommonUtils.toProxyOptions(config).get();
assertEquals("localhost", options.getHost());
assertEquals(8080, options.getPort());
assertEquals("user", options.getUsername());
assertEquals("password", options.getPassword());
}

@Test
public void testProxyOptionsWithHostWithScheme() throws Exception {
OidcCommonConfig.Proxy config = new OidcCommonConfig.Proxy();
config.host = Optional.of("http://localhost");
config.port = 8080;
config.username = Optional.of("user");
config.password = Optional.of("password");

assertEquals("http", URI.create(config.host.get()).getScheme());

ProxyOptions options = OidcCommonUtils.toProxyOptions(config).get();
assertEquals("localhost", options.getHost());
assertEquals(8080, options.getPort());
assertEquals("user", options.getUsername());
assertEquals("password", options.getPassword());
}
}

0 comments on commit 19cba3c

Please sign in to comment.