Merge pull request #696 from stuartwdouglas/form-auth-issue

Don't use absolute URI for the login page forward call
wildfly-security · Feb 28, 2017 · 20a1f27 · 20a1f27
2 parents d91c0b3 + a70c41a
commit 20a1f27
Show file tree

Hide file tree

Showing 2 changed files with 37 additions and 14 deletions.
diff --git a/src/main/java/org/wildfly/security/http/impl/FormAuthenticationMechanism.java b/src/main/java/org/wildfly/security/http/impl/FormAuthenticationMechanism.java
@@ -170,7 +170,8 @@ private void attemptAuthentication(HttpServerRequest request) throws HttpAuthent
         char[] passwordChars = password.toCharArray();
         try {
             if (authenticate(null, username, passwordChars)) {
-                if (authorize(username, request)) {
+                IdentityCache identityCache = createIdentityCache(request, true);
+                if (authorize(username, request, identityCache)) {
                     log.debugf("User %s authenticated successfully using FormAuthenticationMechanism!", username);
                     succeed();
                     HttpScope session = getSessionScope(request, true);
@@ -197,7 +198,7 @@ private void attemptAuthentication(HttpServerRequest request) throws HttpAuthent
                         responder = (response) -> sendRedirect(response, postAuthenticationPath);
                     }
 
-                    request.authenticationComplete(responder);
+                    request.authenticationComplete(responder, identityCache::remove);
                     return;
                 } else {
                     failAndRedirectToErrorPage(request, username);
@@ -215,10 +216,9 @@ private void attemptAuthentication(HttpServerRequest request) throws HttpAuthent
         }
     }
 
-    private boolean authorize(String username, HttpServerRequest request) throws HttpAuthenticationException {
+    private boolean authorize(String username, HttpServerRequest request, IdentityCache identityCache) throws HttpAuthenticationException {
         log.tracef("Authorizing username: [%s], Request URI: [%s], Context path: [%s]", username, request.getRequestURI(), this.contextPath);
 
-        IdentityCache identityCache = createIdentityCache(request, true);
         if (identityCache != null) {
             CachedIdentityAuthorizeCallback authorizeCallback = new CachedIdentityAuthorizeCallback(username, identityCache);
             try {
@@ -257,7 +257,7 @@ private boolean attemptReAuthentication(HttpServerRequest request) throws HttpAu
                 } catch (IOException | UnsupportedCallbackException e) {
                     throw new HttpAuthenticationException(e);
                 }
-                request.authenticationComplete();
+                request.authenticationComplete(null, identityCache::remove);
                 return true;
             }
         }
@@ -298,20 +298,13 @@ void sendLogin(HttpServerRequest request, HttpServerResponse response) throws Ht
             request.suspendRequest();
         }
 
-        StringBuilder sb = new StringBuilder();
-        sb.append(requestURI.getScheme());
-        sb.append("://");
-        sb.append(requestURI.getHost());
-        sb.append(':').append(requestURI.getPort());
-        sb.append(loginPage);
-        sendPage(sb.toString(), request, response);
+        sendPage(loginPage, request, response);
     }
 
     void sendPage(String page, HttpServerRequest request, HttpServerResponse response) throws HttpAuthenticationException {
         if (response.forward(page)) {
             return;
         }
-
         // Work out how and send the login page.
         HttpScope application = request.getScope(Scope.APPLICATION);
         if (application != null && application.supportsResources()) {
@@ -333,7 +326,15 @@ void sendPage(String page, HttpServerRequest request, HttpServerResponse respons
             }
         }
 
-        sendRedirect(response, contextPath + page);
+        URI requestURI = request.getRequestURI();
+        StringBuilder sb = new StringBuilder();
+        sb.append(requestURI.getScheme());
+        sb.append("://");
+        sb.append(requestURI.getHost());
+        sb.append(':').append(requestURI.getPort());
+        sb.append(contextPath);
+        sb.append(page);
+        sendRedirect(response, sb.toString());
     }
 
     private void sendRedirect(HttpServerResponse response, String location) {

diff --git a/src/main/java/org/wildfly/security/http/util/sso/SingleSignOnServerMechanismFactory.java b/src/main/java/org/wildfly/security/http/util/sso/SingleSignOnServerMechanismFactory.java
@@ -159,6 +159,28 @@ public void authenticationComplete(HttpServerMechanismsResponder responder) {
                         });
                     }
 
+                    @Override
+                    public void authenticationComplete(HttpServerMechanismsResponder responder, Runnable logoutHandler) {
+                        request.authenticationComplete(response -> {
+                            try {
+                                String id = singleSignOnSession.getId();
+                                if (id != null) {
+                                    HttpServerCookie cookie = getCookie(request);
+
+                                    if (cookie == null) {
+                                        response.setResponseCookie(createCookie(id, -1));
+                                    }
+                                }
+
+                                if (responder != null) {
+                                    responder.sendResponse(response);
+                                }
+                            } finally {
+                                singleSignOnSession.close();
+                            }
+                        }, logoutHandler);
+                    }
+
                     @Override
                     public void authenticationFailed(String message, HttpServerMechanismsResponder responder) {
                         request.authenticationFailed(message, response -> {