cxf-commits mailing list archives

From serg...@apache.org
Subject cxf git commit: Update to the redirect_uri validation code
Date Mon, 16 Nov 2015 13:40:19 GMT
Repository: cxf
Updated Branches:
  refs/heads/master af31f3a3d -> 8c104d326


Update to the redirect_uri validation code


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/8c104d32
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/8c104d32
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/8c104d32

Branch: refs/heads/master
Commit: 8c104d326a3e80b4796edefa2328a10e4c63c5ac
Parents: af31f3a
Author: Sergey Beryozkin <sberyozkin@gmail.com>
Authored: Mon Nov 16 13:40:04 2015 +0000
Committer: Sergey Beryozkin <sberyozkin@gmail.com>
Committed: Mon Nov 16 13:40:04 2015 +0000

----------------------------------------------------------------------
 .../security/oauth2/services/RedirectionBasedGrantService.java   | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf/blob/8c104d32/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/RedirectionBasedGrantService.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/RedirectionBasedGrantService.java
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/RedirectionBasedGrantService.java
index 667de92..8435cdf 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/RedirectionBasedGrantService.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/RedirectionBasedGrantService.java
@@ -363,8 +363,8 @@ public abstract class RedirectionBasedGrantService extends AbstractOAuthService
         
         List<String> uris = client.getRedirectUris();
         if (redirectUri != null) {
-            if (!uris.contains(redirectUri)) {
-                redirectUri = null;
+            if (!uris.isEmpty() && !uris.contains(redirectUri)) {
+                reportInvalidRequestError("Client Redirect Uri is invalid");
             } 
         } else if (uris.size() == 1 && useRegisteredRedirectUriIfPossible) {
             redirectUri = uris.get(0);
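Review bot: The new guard `if (!uris.isEmpty() && !uris.contains(redirectUri))` skips validation entirely when the client has no registered redirect URIs, so a request-supplied `redirect_uri` is then used as-is, whereas the old code discarded it. RFC 6749 section 3.1.2.2 requires public clients and implicit-grant clients to register their redirection endpoint, because an unvalidated one lets the authorization response be delivered to a location the client never registered. Consider rejecting the empty-list case for non-confidential clients, e.g. `if (uris.isEmpty() ? !client.isConfidential() : !uris.contains(redirectUri)) {`, with a comment such as `// exact match only; an empty registration list is tolerated for confidential clients only`. Rejecting through `reportInvalidRequestError` instead of silently nulling the value is the right direction, provided it aborts the request rather than redirecting (its body is not visible here). The enclosing method starts and ends outside this hunk.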

