OpenAM / OPENAM-3660

RedirectCallbackHandler uses HttpServletRequest.getRequestURL to construct AM_REDIRECT_BACK_SERVER_URL

      Description

      RedirectCallbackHandler

      public void handleRedirectCallback(HttpServletRequest request, HttpServletResponse response,
              RedirectCallback redirectCallback, String loginURL) throws IOException {

          if (debug.messageEnabled()) {
              debug.message("Redirect to external web site...");
              debug.message("RedirectUrl : " + redirectCallback.getRedirectUrl()
                      + ", RedirectMethod : " + redirectCallback.getMethod()
                      + ", RedirectData : " + redirectCallback.getRedirectData());
          }

          String qString = AuthUtils.getQueryStrFromParameters(redirectCallback.getRedirectData());

          // URL as reported by the servlet container, not as shown in the browser
          String requestURL = request.getRequestURL().toString();
          String requestURI = request.getRequestURI();
          int index = requestURL.indexOf(requestURI);

      HttpServletRequest.getRequestURL returns the protocol://hostname of the server hosting the servlet, not what is displayed in the browser. So if the OpenAM server is behind a reverse proxy, it will return the wrong URL.
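
The behaviour described above, as an added example that is not OpenAM's code or the reporter's: `containerBase` repeats the excerpt's `indexOf` step on constructed URLs, and the hypothetical `externalBase` helper accepts `X-Forwarded-Proto`/`X-Forwarded-Host` values only when they match a configured external base URL. The class and method names, the hostnames, and the step of taking the prefix up to `index` are assumptions of this example.

```java
import java.util.Locale;
import java.util.Set;

public class RedirectBackUrlDemo {

    // Mirrors the excerpt: locate the URI inside the container-reported URL.
    // Taking the prefix up to that index as the server URL is this example's assumption.
    static String containerBase(String requestURL, String requestURI) {
        int index = requestURL.indexOf(requestURI);
        return index < 0 ? requestURL : requestURL.substring(0, index);
    }

    // Hypothetical helper: prefer the proxy-supplied scheme and host, but only when
    // the result is one of the deployment's configured external base URLs.
    static String externalBase(String containerBase, String fwdProto, String fwdHost,
                               Set<String> allowedBases) {
        if (fwdProto != null && fwdHost != null) {
            String candidate = (fwdProto.trim() + "://" + fwdHost.trim())
                    .toLowerCase(Locale.ROOT);
            if (allowedBases.contains(candidate)) {
                return candidate;
            }
        }
        // Header missing or not allowlisted: a client-controllable value is not trusted.
        return containerBase;
    }

    public static void main(String[] args) {
        // Constructed sample: what the servlet container reports behind the proxy.
        String requestURL = "http://am-node1.internal:8080/openam/UI/Login";
        String requestURI = "/openam/UI/Login";
        // Constructed sample: the external base URL the deployment is configured with.
        Set<String> allowed = Set.of("https://sso.example.com");

        String internal = containerBase(requestURL, requestURI);
        System.out.println("container view   : " + internal);
        System.out.println("proxy headers    : "
                + externalBase(internal, "https", "sso.example.com", allowed));
        System.out.println("unexpected header: "
                + externalBase(internal, "https", "other.example", allowed));
    }
}
```

The first line printed is the internal address that would end up in the redirect-back URL; the allowlist keeps a forged forwarding header from steering that URL to an arbitrary host.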

              People

              • Assignee: Sachiko Wallace (sachiko)
              • Reporter: Sachiko Wallace (sachiko)