Merge pull request keycloak#2326 from stianst/KEYCLOAK-2592

stianst · stianst · commit 4f047565fb66 · 2016-03-07T06:12:17.000+01:00
Keycloak 2592
diff --git a/adapters/oidc/adapter-core/src/main/java/org/keycloak/adapters/OAuthRequestAuthenticator.java b/adapters/oidc/adapter-core/src/main/java/org/keycloak/adapters/OAuthRequestAuthenticator.java
@@ -206,7 +206,7 @@ public boolean challenge(HttpFacade exchange) {
                 tokenStore.saveRequest();
                 log.debug("Sending redirect to login page: " + redirect);
                 exchange.getResponse().setStatus(302);
-                exchange.getResponse().setCookie(deployment.getStateCookieName(), state, /* need to set path? */ null, null, -1, deployment.getSslRequired().isRequired(facade.getRequest().getRemoteAddr()), false);
+                exchange.getResponse().setCookie(deployment.getStateCookieName(), state, /* need to set path? */ null, null, -1, deployment.getSslRequired().isRequired(facade.getRequest().getRemoteAddr()), true);
                 exchange.getResponse().setHeader("Location", redirect);
                 return true;
             }
diff --git a/core/src/main/java/org/keycloak/AbstractOAuthClient.java b/core/src/main/java/org/keycloak/AbstractOAuthClient.java
@@ -110,6 +110,14 @@ public void setPublicClient(boolean publicClient) {
         this.publicClient = publicClient;
     }
 
+    public boolean isSecure() {
+        return isSecure;
+    }
+
+    public void setSecure(boolean secure) {
+        isSecure = secure;
+    }
+
     public RelativeUrlsUsed getRelativeUrlsUsed() {
         return relativeUrlsUsed;
     }
diff --git a/services/src/main/java/org/keycloak/services/resources/AbstractSecuredLocalService.java b/services/src/main/java/org/keycloak/services/resources/AbstractSecuredLocalService.java
@@ -177,6 +177,8 @@ protected Response login(String path) {
 
         oauth.setClientId(client.getClientId());
 
+        oauth.setSecure(realm.getSslRequired().isRequired(clientConnection));
+
         UriBuilder uriBuilder = UriBuilder.fromUri(getBaseRedirectUri()).path("login-redirect");
 
         if (path != null) {
@@ -247,8 +249,7 @@ public Response redirect(UriInfo uriInfo, String redirectUri) {
 
             URI url = uriBuilder.build();
 
-            // todo httpOnly!
-            NewCookie cookie = new NewCookie(getStateCookieName(), state, getStateCookiePath(uriInfo), null, null, -1, isSecure);
+            NewCookie cookie = new NewCookie(getStateCookieName(), state, getStateCookiePath(uriInfo), null, null, -1, isSecure, true);
             logger.debug("NewCookie: " + cookie.toString());
             logger.debug("Oauth Redirect to: " + url);
             return Response.status(302)

Original file line number	Diff line number	Diff line change
`@@ -206,7 +206,7 @@ public boolean challenge(HttpFacade exchange) {`
`206`	`206`	`tokenStore.saveRequest();`
`207`	`207`	`log.debug("Sending redirect to login page: " + redirect);`
`208`	`208`	`exchange.getResponse().setStatus(302);`
`209`		`- exchange.getResponse().setCookie(deployment.getStateCookieName(), state, /* need to set path? */ null, null, -1, deployment.getSslRequired().isRequired(facade.getRequest().getRemoteAddr()), false);`
	`209`	`+ exchange.getResponse().setCookie(deployment.getStateCookieName(), state, /* need to set path? */ null, null, -1, deployment.getSslRequired().isRequired(facade.getRequest().getRemoteAddr()), true);`
`210`	`210`	`exchange.getResponse().setHeader("Location", redirect);`
`211`	`211`	`return true;`
`212`	`212`	`}`
Original file line number	Diff line number	Diff line change
`@@ -110,6 +110,14 @@ public void setPublicClient(boolean publicClient) {`
`110`	`110`	`this.publicClient = publicClient;`
`111`	`111`	`}`
`112`	`112`
	`113`	`+ public boolean isSecure() {`
	`114`	`+ return isSecure;`
	`115`	`+ }`
	`116`	`+`
	`117`	`+ public void setSecure(boolean secure) {`
	`118`	`+ isSecure = secure;`
	`119`	`+ }`
	`120`	`+`
`113`	`121`	`public RelativeUrlsUsed getRelativeUrlsUsed() {`
`114`	`122`	`return relativeUrlsUsed;`
`115`	`123`	`}`