  1. Identity Gateway
  2. OPENIG-2571

OAuth2ResourceServerFilter requireHttps=true applies to rebased request URI

      Description

      With requireHttps=true, OAuth2ResourceServerFilter enforces that request.uri.scheme is https, but this is equivalent to checking that the baseURI scheme is https.
      It should instead enforce that the original incoming request (contexts.router.originalUri.scheme), which contains the access token, is using https.

              // requireHttps defaults to true when it is not configured
              if (getWithDeprecation(config, logger, "requireHttps", "enforceHttps")
                      .as(evaluated())
                      .defaultTo(Boolean.TRUE)
                      .asBoolean()) {
                  try {
                      // The condition reads request.uri, which has already been rebased to baseURI
                      Expression<Boolean> expr = Expression.valueOf("${request.uri.scheme == 'https'}", Boolean.class);
                      return chainOf(new ConditionEnforcementFilter(expr), filter);
                  } catch (ExpressionException e) {
                      // Can be ignored, since we completely control the expression
                  }
              }
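The following is an added example, not code from the issue or from Identity Gateway: a simplified model of rebasing that compares the scheme check on the rebased URI with the same check on the original URI. The class name, the `rebase` and `isHttps` helpers, and all host names are hypothetical; rebasing is assumed to replace the scheme, host and port with those of baseURI.

```java
import java.net.URI;
import java.net.URISyntaxException;

public class RequireHttpsRebaseDemo {

    // Assumed model of rebasing: take scheme, host and port from baseURI,
    // keep path, query and fragment from the incoming request.
    static URI rebase(URI incoming, URI baseUri) throws URISyntaxException {
        return new URI(baseUri.getScheme(), null, baseUri.getHost(), baseUri.getPort(),
                incoming.getPath(), incoming.getQuery(), incoming.getFragment());
    }

    static boolean isHttps(URI uri) {
        return "https".equalsIgnoreCase(uri.getScheme());
    }

    public static void main(String[] args) throws URISyntaxException {
        // Constructed sample values: two backends and two client requests.
        String[] baseUris = {
            "https://app.internal.example:8443",
            "http://app.internal.example:8080"
        };
        String[] incomingUris = {
            "http://gateway.example.com/api/orders?id=7",
            "https://gateway.example.com/api/orders?id=7"
        };

        for (String base : baseUris) {
            for (String in : incomingUris) {
                URI originalUri = new URI(in);                       // what the client sent
                URI requestUri = rebase(originalUri, new URI(base)); // what the filter sees

                boolean rebasedCheck = isHttps(requestUri);   // request.uri.scheme == 'https'
                boolean originalCheck = isHttps(originalUri); // originalUri.scheme == 'https'

                System.out.printf("baseURI=%s%n  incoming=%s%n", base, in);
                System.out.printf("  check on rebased URI : %s%n", rebasedCheck ? "allow" : "reject");
                System.out.printf("  check on original URI: %s%s%n%n",
                        originalCheck ? "allow" : "reject",
                        rebasedCheck != originalCheck ? "   <-- checks disagree" : "");
            }
        }
    }
}
```

The two checks disagree in both mixed cases: with an https baseURI, a token sent over plain http is accepted, and with an http baseURI, a token sent over https is rejected.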
      


              People

              • Assignee:
                markdr Mark de Reeper
                Reporter:
                andrew.dunn Andrew Dunn [X] (Inactive)