Don't expect exact hostname in requet to token endpoint #451

GluuFederation · Jan 20, 2017 · 6dfe36f · 6dfe36f
1 parent 9b3c0cd
commit 6dfe36f
Show file tree

Hide file tree

Showing 2 changed files with 17 additions and 1 deletion.
diff --git a/Server/src/main/java/org/xdi/oxauth/auth/AuthenticationFilter.java b/Server/src/main/java/org/xdi/oxauth/auth/AuthenticationFilter.java
@@ -37,6 +37,7 @@
 import org.xdi.oxauth.service.ClientFilterService;
 import org.xdi.oxauth.service.ClientService;
 import org.xdi.oxauth.service.SessionStateService;
+import org.xdi.oxauth.util.ServerUtil;
 import org.xdi.util.StringHelper;
 
 import javax.servlet.FilterChain;
@@ -79,7 +80,7 @@ public void doFilter(ServletRequest servletRequest, ServletResponse servletRespo
             public void process() {
                 try {
                     final String requestUrl = httpRequest.getRequestURL().toString();
-                    if (requestUrl.equals(ConfigurationFactory.instance().getConfiguration().getTokenEndpoint())) {
+                    if (requestUrl.endsWith("/token") && ServerUtil.isSameRequestPath(requestUrl, ConfigurationFactory.instance().getConfiguration().getTokenEndpoint())) {
                         if (httpRequest.getParameter("client_assertion") != null
                                 && httpRequest.getParameter("client_assertion_type") != null) {
                             processJwtAuth(httpRequest, httpResponse, filterChain);
@@ -393,4 +394,5 @@ private ClientService getClientService() {
     private ErrorResponseFactory getErrorResponseFactory() {
         return (ErrorResponseFactory) Component.getInstance(ErrorResponseFactory.class, true);
     }
+
 }
diff --git a/Server/src/main/java/org/xdi/oxauth/util/ServerUtil.java b/Server/src/main/java/org/xdi/oxauth/util/ServerUtil.java
@@ -8,6 +8,8 @@
 
 import java.io.IOException;
 import java.io.UnsupportedEncodingException;
+import java.net.MalformedURLException;
+import java.net.URL;
 import java.net.URLDecoder;
 import java.util.List;
 import java.util.Map;
@@ -34,6 +36,7 @@
 import org.xdi.oxauth.service.AppInitializer;
 import org.xdi.oxauth.service.uma.ScopeService;
 import org.xdi.util.ArrayHelper;
+import org.xdi.util.StringHelper;
 import org.xdi.util.Util;
 
 /**
@@ -175,4 +178,15 @@ public static String getFirstValue(Map<String, String[]> map, String key) {
     	return null;
     }
 
+    public static boolean isSameRequestPath(String url1, String url2) throws MalformedURLException {
+    	if ((url1 == null) || (url2 == null)) {
+    		return false;
+    	}
+
+    	URL parsedUrl1 = new URL(url1);
+    	URL parsedUrl2 = new URL(url2);
+
+    	return StringHelper.equals(parsedUrl1.getPath(), parsedUrl2.getPath());
+    }
+
 }