diff --git a/apiml/src/main/resources/application.yml b/apiml/src/main/resources/application.yml index 4de23e1bc9..498d19b247 100644 --- a/apiml/src/main/resources/application.yml +++ b/apiml/src/main/resources/application.yml @@ -33,12 +33,6 @@ spring: frame-options: sameorigin application: name: gateway - security: - oauth2: - client: - registration: - okta: - redirectUri: "{baseUrl}/gateway/{action}/oauth2/code/{registrationId}" main: allow-circular-references: true banner-mode: ${apiml.banner:"off"} diff --git a/gateway-service/src/main/java/org/zowe/apiml/gateway/config/oidc/ClientConfiguration.java b/gateway-service/src/main/java/org/zowe/apiml/gateway/config/oidc/ClientConfiguration.java index 02fed5d1dd..73174f8d6f 100644 --- a/gateway-service/src/main/java/org/zowe/apiml/gateway/config/oidc/ClientConfiguration.java +++ b/gateway-service/src/main/java/org/zowe/apiml/gateway/config/oidc/ClientConfiguration.java @@ -16,17 +16,23 @@ import lombok.Data; import lombok.Value; import lombok.extern.slf4j.Slf4j; +import org.apache.commons.lang3.StringUtils; import org.springframework.boot.context.properties.ConfigurationProperties; import org.springframework.stereotype.Component; -import java.util.*; +import java.util.Arrays; +import java.util.HashMap; +import java.util.Map; +import java.util.Objects; +import java.util.Optional; +import java.util.Set; import java.util.function.Consumer; import java.util.regex.Matcher; import java.util.regex.Pattern; import java.util.stream.Collectors; /** - * Reads OIDC Client configuration from environment variables or application configuration file. + * Reads OIDC Client configuration from Zowe launcher environment variables or application configuration file. */ @Data @Component 
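Review bot: The reworded class Javadoc names the two configuration sources but still does not say which one wins when both define the same registration key, nor that registrations left without a redirectUri are given a default, which is the behaviour this commit introduces. I would write it as `Reads OIDC client configuration from the application configuration file and overlays any Zowe launcher environment variables (ZWE_configs_spring_security_oauth2_client_*); a registration with no explicit redirectUri receives the gateway callback default.` The overlay wording is inferred from the computeIfAbsent/update loop in updateWithSystemEnvironment(), whose update() body is outside this diff, so confirm the precedence before committing to it. Separately, the new org.apache.commons.lang3.StringUtils import is brought in for a single isBlank() call; if commons-lang3 is not already a declared dependency of gateway-service (not visible here), `uri == null || uri.isBlank()` on JDK 11+ avoids adding one. Replacing the java.util.* wildcard with explicit imports is a welcome cleanup.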
@@ -34,6 +40,7 @@ @ConfigurationProperties(prefix = "spring.security.oauth2.client", ignoreInvalidFields = true) public class ClientConfiguration { + private static final String DEFAULT_REDIRECT_URI = "{baseUrl}/gateway/{action}/oauth2/code/{registrationId}"; private static final String SYSTEM_ENV_PREFIX = "ZWE_configs_spring_security_oauth2_client_"; private static final Pattern REGISTRATION_ID_PATTERN = Pattern.compile( "^" + SYSTEM_ENV_PREFIX + "(registration|provider)_([^_]+)_.*$" @@ -42,10 +49,10 @@ public class ClientConfiguration { public static final String REGISTRATION_ENV_TYPE = "registration"; public static final String PROVIDER_ENV_TYPE = "provider"; - private Map registration = new HashMap<>(); private Map provider = new HashMap<>(); + private String getSystemEnv(String id, String type, String name) { StringBuilder sb = new StringBuilder(); sb.append(SYSTEM_ENV_PREFIX).append(type).append('_').append(id).append('_').append(name); @@ -97,6 +104,19 @@ void updateWithSystemEnvironment() { update(registrationId, registration.computeIfAbsent(registrationId, k -> new Registration())); update(registrationId, provider.computeIfAbsent(registrationId, k -> new Provider())); } + processDefaults(); + } + + /* + * redirectUri was originally set as a property but for Okta provider only, without it it can be a breaking change. + * This makes sure any provider has a default redirectUri if no explicit one is provided + */ + private void processDefaults() { + for (Map.Entry entry : registration.entrySet()) { + if (StringUtils.isBlank(entry.getValue().getRedirectUri())) { + entry.getValue().setRedirectUri(DEFAULT_REDIRECT_URI); + } + } } public Map getConfigurations() { diff --git a/gateway-service/src/main/resources/application.yml b/gateway-service/src/main/resources/application.yml index ad569e21db..3f1fb254a4 100644 --- a/gateway-service/src/main/resources/application.yml +++ b/gateway-service/src/main/resources/application.yml 
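Review bot: processDefaults() does more than preserve the old Okta behaviour: it rewrites the callback for every registration that has no explicit redirectUri, and what an unset value meant before depends on how Registration.getRedirectUri() is consumed downstream (outside this diff) — either Spring Security's own un-prefixed template `{baseUrl}/{action}/oauth2/code/{registrationId}` applied, or registration validation failed — so a provider whose IdP-side callback was registered without the `/gateway` prefix will now get a redirect_uri mismatch at login. If that is the intended contract, the comment above processDefaults should state it rather than describe the change as non-breaking; I would replace it with `Apply the gateway callback template to every registration without an explicit redirectUri. This replaces Spring Security's default '{baseUrl}/{action}/oauth2/code/{registrationId}' and must match the callback registered at each identity provider.` It is also worth a one-line note on DEFAULT_REDIRECT_URI that `{baseUrl}` is expanded from the incoming request, so the gateway's forwarded-header trust settings decide which host ends up in the redirect_uri for all providers, with the authorization server's exact-match check as the only backstop; that is unchanged by this commit but now applies uniformly. Finally, processDefaults() runs only at the tail of updateWithSystemEnvironment(), whose caller is outside the hunk, so whether a file-only configuration with no ZWE_ variables passes through the defaulting cannot be confirmed from here.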
@@ -68,12 +68,6 @@ spring: frame-options: sameorigin application: name: gateway - security: - oauth2: - client: - registration: - okta: - redirectUri: "{baseUrl}/gateway/{action}/oauth2/code/{registrationId}" main: allow-circular-references: true banner-mode: ${apiml.banner:"off"} @@ -200,7 +194,6 @@ management: include: health,info,gateway --- spring.config.activate.on-profile: wiretap - spring: cloud: gateway: