pac4j: url resolver: generates wrong urls when url is absolute fix #3637

Author: jknack

modules/jooby-pac4j/src/main/java/io/jooby/internal/pac4j/SecurityFilterImpl.java

@@ -5,6 +5,7 @@
  */
 package io.jooby.internal.pac4j;
 
+import static java.util.Collections.emptyMap;
 import static java.util.Optional.ofNullable;
 
 import java.util.List;
@@ -14,6 +15,7 @@
 import org.pac4j.core.client.finder.DefaultSecurityClientFinder;
 import org.pac4j.core.engine.DefaultSecurityLogic;
 import org.pac4j.core.engine.SecurityLogic;
+import org.pac4j.core.matching.matcher.DefaultMatchers;
 import org.pac4j.core.util.Pac4jConstants;
 
 import edu.umd.cs.findbugs.annotations.NonNull;
@@ -74,8 +76,19 @@ private Object perform(Context ctx, GrantAccessAdapterImpl accessAdapter) {
       var securityLogic = config.getSecurityLogic();
       var clients = ctx.lookup(clientName(securityLogic)).value(this.clients.get());
       var authorizers = ofNullable(this.authorizers).orElse(NoopAuthorizer.NAME);
+      var matcherSet = ofNullable(config.getMatchers()).orElse(emptyMap()).keySet();
+      var matchers =
+          matcherSet.isEmpty()
+              ? DefaultMatchers.NONE
+              : String.join(Pac4jConstants.ELEMENT_SEPARATOR, matcherSet);
+
       return securityLogic.perform(
-          config, accessAdapter, clients, authorizers, null, Pac4jFrameworkParameters.create(ctx));
+          config,
+          accessAdapter,
+          clients,
+          authorizers,
+          matchers,
+          Pac4jFrameworkParameters.create(ctx));
     } catch (RuntimeException re) {
       if (re.getCause() != null) {
         throw SneakyThrows.propagate(re.getCause());

modules/jooby-pac4j/src/main/java/io/jooby/internal/pac4j/SessionStoreImpl.java

@@ -78,7 +78,7 @@ public void set(WebContext context, String key, Object value) {
     if (value == null || value.toString().isEmpty()) {
       getSessionOrEmpty(context).ifPresent(session -> session.remove(key));
     } else {
-      String encoded = objToStr(context(context).require(Serializer.class), value);
+      var encoded = objToStr(context(context).require(Serializer.class), value);
       getSession(context).put(key, encoded);
     }
   }

modules/jooby-pac4j/src/main/java/io/jooby/internal/pac4j/UrlResolverImpl.java

@@ -5,10 +5,7 @@
  */
 package io.jooby.internal.pac4j;
 
-import static java.util.regex.Pattern.CASE_INSENSITIVE;
-import static java.util.regex.Pattern.compile;
-
-import java.util.regex.Pattern;
+import java.net.URI;
 
 import org.pac4j.core.context.WebContext;
 import org.pac4j.core.http.url.UrlResolver;
@@ -19,27 +16,35 @@
 
 public class UrlResolverImpl implements UrlResolver {
 
-  private static final Pattern HTTP_URL = compile("^https?:.*", CASE_INSENSITIVE);
-
   private final Logger log = LoggerFactory.getLogger(getClass());
 
   @Override
-  public String compute(String path, WebContext context) {
+  public String compute(String url, WebContext context) {
+    var absoluteURL = isAbsoluteURL(url);
     if (context == null) {
-      if (!HTTP_URL.matcher(path).matches()) {
+      if (!absoluteURL) {
         log.warn(
             "Unable to resolve URL from path '{}' since no web context was provided. This may"
                 + " prevent some authentication clients to work properly. Consider explicitly"
                 + " specifying an absolute callback URL or using a custom url resolver.",
-            path);
+            url);
       }
 
-      return path;
+      return url;
     }
-
-    String requestURL = ((Pac4jContext) context).getContext().getRequestURL(path);
+    // Rewrite using context which might uses trust proxy setting.
+    var path = absoluteURL ? URI.create(url).getPath() : url;
+    var requestURL = ((Pac4jContext) context).getContext().getRequestURL(path);
     // no query String
     int i = requestURL.indexOf('?');
     return i > 0 ? requestURL.substring(0, i) : requestURL;
   }
+
+  private static boolean isAbsoluteURL(String url) {
+    try {
+      return URI.create(url).isAbsolute();
+    } catch (Exception ignored) {
+      return false;
+    }
+  }
 }

modules/jooby-pac4j/src/main/java/io/jooby/pac4j/Pac4jOptions.java

@@ -5,8 +5,11 @@
  */
 package io.jooby.pac4j;
 
+import java.util.List;
 import java.util.Optional;
 
+import org.pac4j.core.client.Client;
+import org.pac4j.core.client.Clients;
 import org.pac4j.core.config.Config;
 import org.pac4j.core.util.serializer.JavaSerializer;
 import org.pac4j.core.util.serializer.Serializer;
@@ -72,6 +75,26 @@ private Pac4jOptions(Config config) {
 
   public Pac4jOptions() {}
 
+  public Pac4jOptions(Clients clients) {
+    super(clients);
+  }
+
+  public Pac4jOptions(Client client) {
+    super(client);
+  }
+
+  public Pac4jOptions(List<Client> client) {
+    super(client);
+  }
+
+  public Pac4jOptions(String callbackPath, Client client) {
+    super(callbackPath, client);
+  }
+
+  public Pac4jOptions(String callbackPath, List<Client> clients) {
+    super(callbackPath, clients);
+  }
+
   /**
    * Get a Pac4j options instance of {@link Config}.
    *