Handle redirect to client after shibboleth authentication succeded

dspace-api/src/main/java/org/dspace/authenticate/ShibAuthentication.java

@@ -33,6 +33,7 @@ import org.dspace.content.NonUniqueMetadataException;
 import org.dspace.content.factory.ContentServiceFactory;
 import org.dspace.content.service.MetadataFieldService;
 import org.dspace.content.service.MetadataSchemaService;
+import org.dspace.core.ConfigurationManager;
 import org.dspace.core.Context;
 import org.dspace.eperson.EPerson;
 import org.dspace.eperson.Group;
@@ -509,18 +510,8 @@ public class ShibAuthentication implements AuthenticationMethod {
             int port = request.getServerPort();
             String contextPath = request.getContextPath();
 
-            String returnURL = request.getHeader("Referer");
-            if (returnURL == null) {
-                if (request.isSecure() || forceHTTPS) {
-                    returnURL = "https://";
-                } else {
-                    returnURL = "http://";
-                }
-                returnURL += host;
-                if (!(port == 443 || port == 80)) {
-                    returnURL += ":" + port;
-                }
-            }
+            String returnURL = ConfigurationManager.getProperty("dspace.baseUrl") + "/api/authn/shibboleth?redirectUrl="
+                    + request.getHeader("Referer");
 
             try {
                 shibURL += "?target=" + URLEncoder.encode(returnURL, "UTF-8");

dspace-server-webapp/src/main/java/org/dspace/app/rest/ShibbolethRestController.java

@@ -0,0 +1,61 @@
+/**
+ * The contents of this file are subject to the license and copyright
+ * detailed in the LICENSE and NOTICE files at the root of the source
+ * tree and available online at
+ *
+ * http://www.dspace.org/license/
+ */
+package org.dspace.app.rest;
+
+import java.io.IOException;
+import java.util.Arrays;
+
+import javax.servlet.http.HttpServletResponse;
+
+
+import org.dspace.app.rest.model.AuthnRest;
+import org.dspace.core.ConfigurationManager;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.beans.factory.InitializingBean;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.hateoas.Link;
+import org.springframework.security.access.prepost.PreAuthorize;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RequestMethod;
+import org.springframework.web.bind.annotation.RequestParam;
+import org.springframework.web.bind.annotation.RestController;
+
+/**
+ * Rest controller that handles redirect after shibboleth authentication succeded
+ *
+ * @author Andrea Bollini (andrea dot bollini at 4science dot it)
+ * @author Giuseppe Digilio (giuseppe dot digilio at 4science dot it)
+ */
+@RequestMapping(value = "/api/" + AuthnRest.CATEGORY + "/shibboleth")
+@RestController
+public class ShibbolethRestController implements InitializingBean {
+
+    private static final Logger log = LoggerFactory.getLogger(ShibbolethRestController.class);
+
+    @Autowired
+    DiscoverableEndpointsService discoverableEndpointsService;
+
+    @Override
+    public void afterPropertiesSet() {
+        discoverableEndpointsService
+            .register(this, Arrays.asList(new Link("/api/" + AuthnRest.CATEGORY, "shibboleth")));
+    }
+
+    @RequestMapping(method = RequestMethod.GET)
+    @PreAuthorize("hasAuthority('AUTHENTICATED')")
+    public void shibboleth(HttpServletResponse response,
+            @RequestParam(name = "redirectUrl", required = false) String redirectUrl) throws IOException {
+        if (redirectUrl == null) {
+            redirectUrl = ConfigurationManager.getProperty("dspace.url");
+        }
+        log.info("Redirecting to " + redirectUrl);
+        response.sendRedirect(redirectUrl);
+    }
+
+}