Skip to content
This repository has been archived by the owner on May 31, 2022. It is now read-only.

Commit

Permalink
Simplify Default Configuration
Browse files Browse the repository at this point in the history
Switching off matchSubdomains by default for a simpler initial
configuration.
  • Loading branch information
jzheaux committed May 28, 2019
1 parent bbae002 commit f769ff9
Show file tree
Hide file tree
Showing 3 changed files with 16 additions and 2 deletions.
Original file line number Diff line number Diff line change
Expand Up @@ -43,7 +43,7 @@ public class DefaultRedirectResolver implements RedirectResolver {

private Collection<String> redirectGrantTypes = Arrays.asList("implicit", "authorization_code");

private boolean matchSubdomains = true;
private boolean matchSubdomains = false;

private boolean matchPorts = true;

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -7,24 +7,30 @@
import java.util.HashSet;
import java.util.Set;

import org.junit.Before;
import org.junit.Test;
import org.springframework.security.oauth2.common.exceptions.RedirectMismatchException;
import org.springframework.security.oauth2.provider.client.BaseClientDetails;
import org.springframework.security.oauth2.provider.endpoint.DefaultRedirectResolver;

public class SubdomainRedirectResolverTests
{
private final DefaultRedirectResolver resolver = new DefaultRedirectResolver();
private DefaultRedirectResolver resolver;
private final BaseClientDetails client = new BaseClientDetails();

{
client.setAuthorizedGrantTypes(Collections.singleton("authorization_code"));
}

@Before
public void setup() {
resolver = new DefaultRedirectResolver();
}

@Test
public void testRedirectMatch() throws Exception
{
resolver.setMatchSubdomains(true);
Set<String> redirectUris = new HashSet<String>(Arrays.asList("https://watchdox.com"));
client.setRegisteredRedirectUri(redirectUris);
String requestedRedirect = "https://anywhere.watchdox.com";
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -136,12 +136,20 @@ public void testRedirectNotMatchingSubdomain() throws Exception {
// gh-747
@Test
public void testRedirectMatchingSubdomain() throws Exception {
resolver.setMatchSubdomains(true);
Set<String> redirectUris = new HashSet<String>(Arrays.asList("https://anywhere.com/foo"));
String requestedRedirect = "https://2.anywhere.com/foo";
client.setRegisteredRedirectUri(redirectUris);
assertEquals(requestedRedirect, resolver.resolveRedirect(requestedRedirect, client));
}

@Test(expected = RedirectMismatchException.class)
public void testRedirectMatchSubdomainsDefaultsFalse() {
Set<String> redirectUris = new HashSet<String>(Arrays.asList("https://anywhere.com"));
client.setRegisteredRedirectUri(redirectUris);
resolver.resolveRedirect("https://2.anywhere.com", client);
}

// gh-746
@Test(expected = RedirectMismatchException.class)
public void testRedirectNotMatchingPort() throws Exception {
Expand Down

0 comments on commit f769ff9

Please sign in to comment.