[OPENAM-3659] OAuth2 auth module uses HttpServletRequest.getRequestURL() to construct ORIG_URL cookie
Created: 18/Feb/14  Updated: 25/May/18  Resolved: 15/Apr/14

Status: Resolved
Project: OpenAM
Component/s: authentication
Affects Version/s: 11.0.0
Fix Version/s: 10.0.3, 11.0.2, 12.0.0

Type: Bug Priority: Major
Reporter: Sachiko Wallace Assignee: Sachiko Wallace
Resolution: Fixed Votes: 0
Labels: release-notes
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
relates to OPENAM-3660 RedirectCallbackHander uses HttpServl... Resolved
relates to OPENAM-5130 OAuth2 authorization will redirect us... Resolved
relates to OPENAM-5237 OAuth2 authorization consent page use... Resolved



    switch (state) {
        case ISAuthConstants.LOGIN_START: {
            serverName = request.getServerName();
            String requestedURL = request.getRequestURL().toString();
            String requestedQuery = request.getQueryString();

HttpServletRequest.getRequestURL returns the protocol://hostname of the server hosting the servlet and not what's displayed in the browser. So if the OpenAM server is behind a reverse proxy, it will return the wrong URL.
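
The mismatch described above, as an added example that is not OpenAM code or the fix applied for this issue: it contrasts a URL built the way getRequestURL() builds it with one rebuilt on a configured public origin, and includes a check that can be run against a stored URL value. The host names, the PUBLIC_BASE setting and all method names are assumptions made for illustration.

```java
import java.net.URI;

public class OrigUrlBehindProxy {
    // Assumption: the browser-facing origin is known from deployment configuration.
    static final URI PUBLIC_BASE = URI.create("https://sso.example.com");

    /** Mimics getRequestURL(): built from the scheme, host and port the container sees. */
    static String containerView(String scheme, String serverName, int port, String requestUri) {
        boolean defaultPort = (scheme.equals("http") && port == 80)
                || (scheme.equals("https") && port == 443);
        return scheme + "://" + serverName + (defaultPort ? "" : ":" + port) + requestUri;
    }

    /** Rebuilds the URL on the configured origin; only path and query come from the request. */
    static String browserView(URI publicBase, String requestUri, String rawQuery) {
        if (!requestUri.startsWith("/") || requestUri.startsWith("//")) {
            throw new IllegalArgumentException("unexpected request URI: " + requestUri);
        }
        String origin = publicBase.getScheme() + "://" + publicBase.getAuthority();
        return origin + requestUri + (rawQuery == null ? "" : "?" + rawQuery);
    }

    /** Verification check: does a (decoded) stored URL point at the public origin? */
    static boolean pointsAtPublicOrigin(String storedUrl) {
        URI u = URI.create(storedUrl);
        return PUBLIC_BASE.getScheme().equalsIgnoreCase(u.getScheme())
                && PUBLIC_BASE.getAuthority().equalsIgnoreCase(u.getAuthority());
    }

    public static void main(String[] args) {
        // Constructed sample request: the proxy forwards to an internal node over plain HTTP.
        String path = "/openam/UI/Login";
        String query = "module=OAuth2";
        String fromContainer = containerView("http", "am-node1.internal", 8080, path) + "?" + query;
        String fromConfig = browserView(PUBLIC_BASE, path, query);

        System.out.println(fromContainer + " -> " + pointsAtPublicOrigin(fromContainer));
        System.out.println(fromConfig + " -> " + pointsAtPublicOrigin(fromConfig));
    }
}
```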

Comment by Sachiko Wallace [ 18/Feb/14 ]

We can probably use AuthClientUtils.getValidFQDNResource to construct the correct value.

Comment by Tomas Hejret [ 16/Sep/14 ]

How to verify the bug fix?
