From 66533a149e349af1f40bec8581ac71f1e5bfaeaf Mon Sep 17 00:00:00 2001
From: Pablo Carle
Date: Fri, 26 Sep 2025 11:30:46 +0200
Subject: [PATCH 1/3] set redirectUri default in java code
Signed-off-by: Pablo Carle
---
 apiml/src/main/resources/application.yml | 6 ------
 .../gateway/config/oidc/ClientConfiguration.java | 12 ++++++++++--
 gateway-service/src/main/resources/application.yml | 7 -------
 3 files changed, 10 insertions(+), 15 deletions(-)
diff --git a/apiml/src/main/resources/application.yml b/apiml/src/main/resources/application.yml
index 4de23e1bc9..498d19b247 100644
--- a/apiml/src/main/resources/application.yml
+++ b/apiml/src/main/resources/application.yml
@@ -33,12 +33,6 @@ spring:
 frame-options: sameorigin
 application:
 name: gateway
- security:
- oauth2:
- client:
- registration:
- okta:
- redirectUri: "{baseUrl}/gateway/{action}/oauth2/code/{registrationId}"
 main:
 allow-circular-references: true
 banner-mode: ${apiml.banner:"off"}
diff --git a/gateway-service/src/main/java/org/zowe/apiml/gateway/config/oidc/ClientConfiguration.java b/gateway-service/src/main/java/org/zowe/apiml/gateway/config/oidc/ClientConfiguration.java
index 02fed5d1dd..ac223041ea 100644
--- a/gateway-service/src/main/java/org/zowe/apiml/gateway/config/oidc/ClientConfiguration.java
+++ b/gateway-service/src/main/java/org/zowe/apiml/gateway/config/oidc/ClientConfiguration.java
@@ -16,6 +16,7 @@
 import lombok.Data;
 import lombok.Value;
 import lombok.extern.slf4j.Slf4j;
+import org.apache.commons.lang3.StringUtils;
 import org.springframework.boot.context.properties.ConfigurationProperties;
 import org.springframework.stereotype.Component;
@@ -34,6 +35,7 @@
 @ConfigurationProperties(prefix = "spring.security.oauth2.client", ignoreInvalidFields = true)
 public class ClientConfiguration {
+ private static final String DEFAULT_REDIRECT_URI = "{baseUrl}/gateway/{action}/oauth2/code/{registrationId}";
 private static final String SYSTEM_ENV_PREFIX = "ZWE_configs_spring_security_oauth2_client_";
 private static final Pattern REGISTRATION_ID_PATTERN = Pattern.compile(
 "^" + SYSTEM_ENV_PREFIX + "(registration|provider)_([^_]+)_.*$"
@@ -42,10 +44,10 @@ public class ClientConfiguration {
 public static final String REGISTRATION_ENV_TYPE = "registration";
 public static final String PROVIDER_ENV_TYPE = "provider";
-
 private Map registration = new HashMap<>();
 private Map provider = new HashMap<>();
+
 private String getSystemEnv(String id, String type, String name) {
 StringBuilder sb = new StringBuilder();
 sb.append(SYSTEM_ENV_PREFIX).append(type).append('_').append(id).append('_').append(name);
@@ -53,16 +55,22 @@ private String getSystemEnv(String id, String type, String name) {
 }
 private void update(String id, String type, String base, Consumer setter) {
+ update(id, type, base, null, setter);
+ }
+
+ private void update(String id, String type, String base, String defaultValue, Consumer setter) {
 String systemEnv = getSystemEnv(id, type, base);
 if (systemEnv != null) {
 setter.accept(systemEnv);
+ } else if (StringUtils.isNotBlank(defaultValue)) {
+ setter.accept(defaultValue);
 }
 }
 private void update(String id, Registration registration) {
 update(id, REGISTRATION_ENV_TYPE, "clientId", registration::setClientId);
 update(id, REGISTRATION_ENV_TYPE, "clientSecret", registration::setClientSecret);
- update(id, REGISTRATION_ENV_TYPE, "redirectUri", registration::setRedirectUri);
+ update(id, REGISTRATION_ENV_TYPE, "redirectUri", DEFAULT_REDIRECT_URI, registration::setRedirectUri);
 String scope = getSystemEnv(id, REGISTRATION_ENV_TYPE, "scope");
 if (scope != null) {
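Review bot: The new `DEFAULT_REDIRECT_URI` constant at the top of `ClientConfiguration` carries no comment, and its braces are easy to misread as Spring property placeholders. As far as I can tell they are Spring Security redirect-URI template variables, expanded when the authorization request is built, so `{baseUrl}` follows the scheme and host of the incoming request rather than a fixed gateway address. I would add above the constant `// Spring Security redirect-uri template: {baseUrl}, {action} and {registrationId} are expanded per authorization request`. The comment could also state that the resulting callback has to be registered at the identity provider exactly as the gateway is reached externally.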
diff --git a/gateway-service/src/main/resources/application.yml b/gateway-service/src/main/resources/application.yml
index ad569e21db..3f1fb254a4 100644
--- a/gateway-service/src/main/resources/application.yml
+++ b/gateway-service/src/main/resources/application.yml
@@ -68,12 +68,6 @@ spring:
 frame-options: sameorigin
 application:
 name: gateway
- security:
- oauth2:
- client:
- registration:
- okta:
- redirectUri: "{baseUrl}/gateway/{action}/oauth2/code/{registrationId}"
 main:
 allow-circular-references: true
 banner-mode: ${apiml.banner:"off"}
@@ -200,7 +194,6 @@ management:
 include: health,info,gateway
 ---
 spring.config.activate.on-profile: wiretap
-
 spring:
 cloud:
 gateway:
From 9e0c71a2c420212fe92f7c011d3bb70c920a5561 Mon Sep 17 00:00:00 2001
From: Pablo Carle
Date: Fri, 26 Sep 2025 15:06:12 +0200
Subject: [PATCH 2/3] default for redirectUri
Signed-off-by: Pablo Carle
---
 .../gateway/config/oidc/ClientConfiguration.java | 15 ++++++++++++++-
 1 file changed, 14 insertions(+), 1 deletion(-)
diff --git a/gateway-service/src/main/java/org/zowe/apiml/gateway/config/oidc/ClientConfiguration.java b/gateway-service/src/main/java/org/zowe/apiml/gateway/config/oidc/ClientConfiguration.java
index ac223041ea..7d001fa081 100644
--- a/gateway-service/src/main/java/org/zowe/apiml/gateway/config/oidc/ClientConfiguration.java
+++ b/gateway-service/src/main/java/org/zowe/apiml/gateway/config/oidc/ClientConfiguration.java
@@ -27,7 +27,7 @@
 import java.util.stream.Collectors;
 /**
- * Reads OIDC Client configuration from environment variables or application configuration file.
+ * Reads OIDC Client configuration from Zowe launcher environment variables or application configuration file.
 */
 @Data
 @Component
@@ -105,6 +105,19 @@ void updateWithSystemEnvironment() {
 update(registrationId, registration.computeIfAbsent(registrationId, k -> new Registration()));
 update(registrationId, provider.computeIfAbsent(registrationId, k -> new Provider()));
 }
+ processDefaults();
+ }
+
+ /*
+ * redirectUri was originally set as a property but for Okta provider only, without it it can be a breaking change.
+ * This makes sure any provider has a default redirectUri if no explicit one is provided
+ */
+ private void processDefaults() {
+ for (Map.Entry entry : registration.entrySet()) {
+ if (StringUtils.isBlank(entry.getValue().getRedirectUri())) {
+ entry.getValue().setRedirectUri(DEFAULT_REDIRECT_URI);
+ }
+ }
 }
 public Map getConfigurations() {
From 7871ceccd0df0016a6ecdc6a8da8c4858f8a41be Mon Sep 17 00:00:00 2001
From: Pablo Carle
Date: Fri, 26 Sep 2025 15:10:49 +0200
Subject: [PATCH 3/3] remove unneeded default
Signed-off-by: Pablo Carle
---
 .../gateway/config/oidc/ClientConfiguration.java | 15 +++++++--------
 1 file changed, 7 insertions(+), 8 deletions(-)
diff --git a/gateway-service/src/main/java/org/zowe/apiml/gateway/config/oidc/ClientConfiguration.java b/gateway-service/src/main/java/org/zowe/apiml/gateway/config/oidc/ClientConfiguration.java
index 7d001fa081..73174f8d6f 100644
--- a/gateway-service/src/main/java/org/zowe/apiml/gateway/config/oidc/ClientConfiguration.java
+++ b/gateway-service/src/main/java/org/zowe/apiml/gateway/config/oidc/ClientConfiguration.java
@@ -20,7 +20,12 @@
 import org.springframework.boot.context.properties.ConfigurationProperties;
 import org.springframework.stereotype.Component;
-import java.util.*;
+import java.util.Arrays;
+import java.util.HashMap;
+import java.util.Map;
+import java.util.Objects;
+import java.util.Optional;
+import java.util.Set;
 import java.util.function.Consumer;
 import java.util.regex.Matcher;
 import java.util.regex.Pattern;
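Review bot: `processDefaults()` fills in the template for every registration without leaving a trace, so an operator who sees a redirect_uri mismatch at a provider cannot tell from the gateway whether the value came from configuration or from this fallback. A debug line inside the `if`, for example `log.debug("No redirectUri configured for OIDC registration {}, using default", entry.getKey());`, would make that visible; the file imports Lombok's `Slf4j`, but the annotation itself is outside the hunk, so I am assuming `log` is available. Because the default starts with `{baseUrl}`, the callback appears to be derived from the incoming request's host, so the block comment should tell deployers behind a proxy to set an explicit `redirectUri` or to accept forwarded headers only from trusted proxies. `updateWithSystemEnvironment()` begins outside the hunk, so I could not check when this runs relative to property binding.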
@@ -55,22 +60,16 @@ private String getSystemEnv(String id, String type, String name) {
 }
 private void update(String id, String type, String base, Consumer setter) {
- update(id, type, base, null, setter);
- }
-
- private void update(String id, String type, String base, String defaultValue, Consumer setter) {
 String systemEnv = getSystemEnv(id, type, base);
 if (systemEnv != null) {
 setter.accept(systemEnv);
- } else if (StringUtils.isNotBlank(defaultValue)) {
- setter.accept(defaultValue);
 }
 }
 private void update(String id, Registration registration) {
 update(id, REGISTRATION_ENV_TYPE, "clientId", registration::setClientId);
 update(id, REGISTRATION_ENV_TYPE, "clientSecret", registration::setClientSecret);
- update(id, REGISTRATION_ENV_TYPE, "redirectUri", DEFAULT_REDIRECT_URI, registration::setRedirectUri);
+ update(id, REGISTRATION_ENV_TYPE, "redirectUri", registration::setRedirectUri);
 String scope = getSystemEnv(id, REGISTRATION_ENV_TYPE, "scope");
 if (scope != null) {