Skip authentication for the `OIDCKeycloak.js` file (Fix regression) (#9505)
Skip authentication for the `OIDCKeycloak.js` file Signed-off-by: David Festal <dfestal@redhat.com>6.19.x
parent
654980a4e0
commit
c66d349728
|
|
@ -38,14 +38,16 @@ public abstract class AbstractKeycloakFilter implements Filter {
|
|||
/** when a request came from a machine with valid token then auth is not required */
|
||||
protected boolean shouldSkipAuthentication(HttpServletRequest request, String token) {
|
||||
if (token == null) {
|
||||
if (request.getRequestURI() != null
|
||||
&& request.getRequestURI().endsWith("api/keycloak/OIDCKeycloak.js")) {
|
||||
return true;
|
||||
}
|
||||
return false;
|
||||
}
|
||||
try {
|
||||
final PublicKey publicKey = signatureKeyManager.getKeyPair().getPublic();
|
||||
final Jwt jwt = Jwts.parser().setSigningKey(publicKey).parse(token);
|
||||
return MACHINE_TOKEN_KIND.equals(jwt.getHeader().get("kind"))
|
||||
|| (request.getRequestURI() != null
|
||||
&& request.getRequestURI().endsWith("api/keycloak/OIDCKeycloak.js"));
|
||||
return MACHINE_TOKEN_KIND.equals(jwt.getHeader().get("kind"));
|
||||
} catch (ExpiredJwtException | MalformedJwtException | SignatureException ex) {
|
||||
// given token is not signed by particular signature key so it must be checked in another way
|
||||
return false;
|
||||
|
|
|
|||
|
|
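Review bot: The exemption added under `if (token == null)` uses `request.getRequestURI().endsWith("api/keycloak/OIDCKeycloak.js")`, which is broader than the single static file it is meant to cover. `getRequestURI()` is the raw path as the client sent it (not decoded or normalised by the container, and it can carry `;` path parameters), and a suffix test accepts any path that merely ends with that string, while a `true` result switches authentication off for the request. I would compare the container-resolved path for equality instead, for example `OIDC_JS_PATH.equals(request.getServletPath())` with `OIDC_JS_PATH` as a new constant (or the `getPathInfo()` equivalent, since the filter mapping is not visible in this hunk), and limit the exemption to `GET`. The Javadoc above the method still describes only the machine-token case and should mention the unauthenticated exemption; the method's closing lines are outside the hunk.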
@ -65,6 +65,13 @@ public class AbstractKeycloakFilterTest {
|
|||
.compact();
|
||||
|
||||
when(signatureKeyManager.getKeyPair()).thenReturn(keyPair);
|
||||
when(request.getRequestURI()).thenReturn(null);
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testShouldSkipAuthWhenRetrievingOIDCKeycloakJsFile() {
|
||||
when(request.getRequestURI()).thenReturn("https://localhost:8080/api/keycloak/OIDCKeycloak.js");
|
||||
assertTrue(abstractKeycloakFilter.shouldSkipAuthentication(request, null));
|
||||
}
|
||||
|
||||
@Test
|
||||
|
|
|
|||
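Review bot: The stub in `testShouldSkipAuthWhenRetrievingOIDCKeycloakJsFile` returns a full URL with scheme and host, but `HttpServletRequest.getRequestURI()` yields only the path part, so the test passes only because the production check is a suffix match. A realistic fixture would be `when(request.getRequestURI()).thenReturn("/api/keycloak/OIDCKeycloak.js");`. The new test covers only the positive case. It should be paired with negative cases for a null token: an unrelated path, and a near-miss path that must still require authentication, each asserting that `shouldSkipAuthentication(request, null)` is false. That pins the exemption to the one file and would catch a later widening of the match.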