From 90e32bb4dde8734622523ed310bc5154fccc060e Mon Sep 17 00:00:00 2001 From: Yuriy Movchan Date: Wed, 19 Apr 2023 13:40:27 +0300 Subject: [PATCH] fix: cors filter should not store in local variable allowed origins oxAuth #1773 --- .../org/gluu/oxauth/filter/CorsFilter.java | 18 ++++++++---------- 1 file changed, 8 insertions(+), 10 deletions(-) diff --git a/Server/src/main/java/org/gluu/oxauth/filter/CorsFilter.java b/Server/src/main/java/org/gluu/oxauth/filter/CorsFilter.java index b45eb0580d..17d68579d2 100644 --- a/Server/src/main/java/org/gluu/oxauth/filter/CorsFilter.java +++ b/Server/src/main/java/org/gluu/oxauth/filter/CorsFilter.java @@ -109,15 +109,15 @@ public void init(final FilterConfig filterConfig) throws ServletException { @Override public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException { - Collection globalAllowedOrigins = new ArrayList<>(0); if (this.filterEnabled) { try { - globalAllowedOrigins = doFilterImpl(servletRequest); + // Set temporary client allowed origins + Collection clientAllowedOrigins = doFilterImpl(servletRequest); + setContextClientAllowedOrigins(servletRequest, clientAllowedOrigins); } catch (Exception ex) { log.error("Failed to process request", ex); } super.doFilter(servletRequest, servletResponse, filterChain); - setAllowedOrigins(globalAllowedOrigins); } else { filterChain.doFilter(servletRequest, servletResponse); } @@ -125,7 +125,7 @@ public void doFilter(ServletRequest servletRequest, ServletResponse servletRespo protected Collection doFilterImpl(ServletRequest servletRequest) throws UnsupportedEncodingException, IOException, ServletException { - Collection globalAllowedOrigins = getAllowedOrigins(); + List clientAuthorizedOrigins = null; if (StringHelper.isNotEmpty(servletRequest.getParameter("client_id"))) { String clientId = servletRequest.getParameter("client_id"); @@ -133,8 +133,7 @@ protected Collection doFilterImpl(ServletRequest servletRequest) if (client != null) { String[] authorizedOriginsArray = client.getAuthorizedOrigins(); if (authorizedOriginsArray != null && authorizedOriginsArray.length > 0) { - List clientAuthorizedOrigins = Arrays.asList(authorizedOriginsArray); - setAllowedOrigins(clientAuthorizedOrigins); + clientAuthorizedOrigins = Arrays.asList(authorizedOriginsArray); } } } else { @@ -157,15 +156,14 @@ protected Collection doFilterImpl(ServletRequest servletRequest) if (client != null) { String[] authorizedOriginsArray = client.getAuthorizedOrigins(); if (authorizedOriginsArray != null && authorizedOriginsArray.length > 0) { - List clientAuthorizedOrigins = Arrays.asList(authorizedOriginsArray); - setAllowedOrigins(clientAuthorizedOrigins); + clientAuthorizedOrigins = Arrays.asList(authorizedOriginsArray); } } } } } - - return globalAllowedOrigins; + + return clientAuthorizedOrigins; } }