US102589: Require HTTPS for adapter endpoints and UAA token URLs #106
| if (adapter.getAdapterEndpoint() == null || adapter.getAdapterEndpoint().isEmpty()) { | ||
| throw new AttributeConnectorException("Attribute adapter configuration requires a nonempty endpoint URL"); | ||
| } | ||
| if (!adapter.getAdapterEndpoint().startsWith("https://")) { |
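Review bot: the `startsWith("https://")` test on the last line is case-sensitive, while URI schemes are case-insensitive, so an endpoint written as `HTTPS://...` is treated as not being HTTPS. Parse the endpoint and compare its scheme with `equalsIgnoreCase` instead of matching a string prefix, and read `adapter.getAdapterEndpoint()` into a local once rather than calling it in each condition.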
Let us check for case insensitiveness for https
3103b84 to 47a4f5d
| throw new AttributeConnectorException("Attribute adapter configuration requires a nonempty endpoint URL"); | ||
| } | ||
| try { | ||
| if (!new URI(adapter.getAdapterEndpoint()).getScheme().equalsIgnoreCase(HTTPS)) { |
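Review bot: on the `new URI(...).getScheme().equalsIgnoreCase(HTTPS)` line, `getScheme()` returns null when the endpoint has no scheme (a bare host name, for example), so the call chain throws a NullPointerException unless the catch that follows, not visible here, handles it. Flip the comparison to `HTTPS.equalsIgnoreCase(uri.getScheme())` or null-check the scheme first, so a scheme-less endpoint is rejected with the same AttributeConnectorException as the other invalid cases.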
I think we should replace this line (`new URI(adapter.getAdapterEndpoint()).getScheme().equalsIgnoreCase(HTTPS)`) with a function in Utils which can be used in multiple places. Also, we need to handle the case where the scheme is not specified (for example, if someone specifies www.abcd.com).
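The function will be like:

```java
import java.net.URI;
import java.net.URISyntaxException;

// Assumed value for the renamed constant.
private static final String HTTPS_STR = "https";

boolean isHttpsUrl(String urlStr) throws URISyntaxException {
    if (urlStr != null && !urlStr.isEmpty()) {
        URI uri = new URI(urlStr);
        String schemeUri = uri.getScheme();
        // No scheme given (for example "www.abcd.com").
        if (schemeUri == null || schemeUri.isEmpty()) {
            return false;
        }
        // I don't like the name HTTPS, so changing it to HTTPS_STR.
        // Case-insensitive, like the line this function replaces.
        return HTTPS_STR.equalsIgnoreCase(schemeUri);
    }
    return false;
}
```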
Good point regarding missing schemes. Converted to using java.net.URL so that if a protocol isn't specified it will throw a MalformedURLException (which also means no defensive checks are necessary).
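The cases raised in this review (scheme case, a missing scheme, null or empty input) can be covered by one shared check. The following is an added example, not code from this pull request or the project: the class name `HttpsUrlCheck` is hypothetical, `isHttpsUrl` borrows the name proposed above, the sample URLs are constructed, and the host check goes beyond what the thread asks for.

```java
import java.net.URI;
import java.net.URISyntaxException;

// Added example, not the project's code. HttpsUrlCheck is a hypothetical name.
public class HttpsUrlCheck {
    private static final String HTTPS = "https";

    /** Returns true only for an absolute, hierarchical https URL with a host. */
    static boolean isHttpsUrl(String urlStr) {
        if (urlStr == null || urlStr.isEmpty()) {
            return false;
        }
        final URI uri;
        try {
            uri = new URI(urlStr);
        } catch (URISyntaxException e) {
            return false; // e.g. embedded spaces or other illegal characters
        }
        // getScheme() is null for scheme-less input such as "www.abcd.com",
        // so compare from the constant side to avoid a NullPointerException.
        if (!HTTPS.equalsIgnoreCase(uri.getScheme())) {
            return false;
        }
        // "https:adapter.example.com" parses as an opaque URI and
        // "https:///attributes" has no authority; both have a null host
        // and cannot name an endpoint.
        return uri.getHost() != null;
    }

    public static void main(String[] args) {
        // Constructed sample inputs, one per case discussed in the review.
        String[] samples = {
            "https://adapter.example.com/attributes",
            "HTTPS://adapter.example.com/attributes",
            "http://adapter.example.com/attributes",
            "www.abcd.com",
            "https:adapter.example.com",
            "https:///attributes",
            "",
            null
        };
        for (String s : samples) {
            System.out.printf("%-42s -> %s%n", s, isHttpsUrl(s));
        }
    }
}
```

Only the first two samples are accepted; returning a boolean lets each call site raise its own exception type for the rejected cases.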
46dccfd to de47c31
Signed-off-by: Anubhav <[email protected]>
de47c31 to 42315f5
No description provided.