Prevent frontend endpoint redirect to admin endpoint #38464

vmuzikar · 2025-03-26T18:28:32Z

vmuzikar · 2025-03-26T18:30:16Z

tests/base/src/test/java/org/keycloak/tests/admin/AdminRootTest.java

+ * @author Vaclav Muzikar <vmuzikar@redhat.com>
+ */
+@KeycloakIntegrationTest(config = AdminRootTest.AdminUrlConfig.class)
+public class AdminRootTest {


Not sure if similar test exists in the old testsuite but seemed simpler to do it in the new one as we need to provide server config options. Let me know if that works for you.

vmuzikar · 2025-03-26T18:33:01Z

test-framework/core/src/main/java/org/keycloak/testframework/http/HttpClientSupplier.java

-    @Override
-    public LifeCycle getDefaultLifecycle() {
-        return LifeCycle.GLOBAL;
-    }


This might be a bit controversial but I assume we might need occasionally to provide some HTTP Client configs on the test level, hence the global scope would not work. Let me know if that works for you.

Don't change this, instead add the compatible check based on annotations. That'll recreate the global instance as needed based on annotation config.

Thanks for the pointer. I didn't realize the compatible method is there for this use case. Created #38586.

Closes keycloak#38463 Signed-off-by: Václav Muzikář <vmuzikar@redhat.com>

ssilvert

LGTM

vmuzikar commented Mar 26, 2025

View reviewed changes

vmuzikar marked this pull request as ready for review March 26, 2025 19:38

vmuzikar requested a review from a team as a code owner March 26, 2025 19:38

vmuzikar requested a review from a team March 26, 2025 19:38

keycloak-github-bot bot added the team/cloud-native label Mar 26, 2025

vmuzikar force-pushed the hostname-disclosure branch from 861a258 to e02fb9a Compare March 28, 2025 12:27

vmuzikar marked this pull request as draft March 28, 2025 12:30

vmuzikar force-pushed the hostname-disclosure branch 2 times, most recently from ea5297a to 796 8000 8b8f Compare March 28, 2025 12:57

Prevent frontend endpoint redirect to admin endpoint

2a52dff

Closes keycloak#38463 Signed-off-by: Václav Muzikář <vmuzikar@redhat.com>

vmuzikar force-pushed the hostname-disclosure branch from 7968b8f to 2a52dff Compare March 28, 2025 13:00

vmuzikar marked this pull request as ready for review March 28, 2025 15:12

ssilvert approved these changes Mar 28, 2025

View reviewed changes

vmuzikar merged commit 2a0ce46 into keycloak:main Mar 28, 2025
75 checks passed

vmuzikar deleted the hostname-disclosure branch March 28, 2025 17:45

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Prevent frontend endpoint redirect to admin endpoint #38464

Prevent frontend endpoint redirect to admin endpoint #38464

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Prevent frontend endpoint redirect to admin endpoint #38464

Prevent frontend endpoint redirect to admin endpoint #38464

Uh oh!

Conversation

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Uh oh!

Uh oh!