I realize you are asking for auto-encoding, but is there any reason the service url is not encoded prior to submission?
-- Misagh From: Dan Roque <[email protected]> Reply: Dan Roque <[email protected]> Date: September 26, 2016 at 10:21:49 PM To: CAS Community <[email protected]> Subject: [cas-user] Re: Possible to auto-encode a request url passed to CAS? I looked over the latest source code and found the relevant code from 3.5.2 that I am asking about https://github.com/apereo/cas/blob/master/core/cas-server-core-services/src/main/java/org/apereo/cas/authentication/principal/WebApplicationServiceFactory.java#L32 Any downfalls to have some sort of config that allows ampersands to be auto-encoded in a query string before the SimpleWebApplicationServiceImpl object is created? So for example, if the following service URL is passed to CAS https://test.domain.com/EMPLOYEE/CDM_RPT.GBL?Page=CDM_RPT_INDEX&Action=U&CDM_ID=1234567 CAS checks the query string and auto-encodes each ampersand to %26 which would result in https://test.domain.com/EMPLOYEE/CDM_RPT.GBL?Page=CDM_RPT_INDEX%26Action=U%26CDM_ID=1234567 This would allow the user to be redirected to the intended service URL. This would be done by not calling getParameter but instead calling getQueryString() and constructing the service string from that. Thoughts? BTW, I'm currently testing CAS 3.5.2 with Tomcat 7.0.64 Thanks! On Monday, September 26, 2016 at 12:02:56 PM UTC-4, Dan Roque wrote: Hi, I'm using an application that emails links to users to view reports and need to redirect these links through CAS (version 3.5.2). The issue is that the application does not URL encode these links when sending to the user as there is no requirement to do so. If the URL is clicked "as-is", it gets redirected to CAS which will strip off any extra parameters it finds. I want to know if it would be possible to have CAS auto-encode the request URL it receives before creating the service string. Here is an example of a URL that is clicked by a user https://test.domain.com/EMPLOYEE/CDM_RPT.GBL?Page=CDM_RPT_INDEX&Action=U&CDM_ID=1234567 I redirect this to https://cas2.domain.com/cas/login?method=POST&service=https://test.domain.com/EMPLOYEE/CDM_RPT.GBL?Page=CDM_RPT_INDEX&Action=U&CDM_ID=1234567 After the user authenticates with the above URL, the service used becomes https://test.domain.com/EMPLOYEE/CDM_RPT.GBL?Page=CDM_RPT_INDEX as Action is read as another parameter due to the ampersand. I would like the entire URL to be used as a service and be altered to the following https://test.domain.com/EMPLOYEE/CDM_RPT.GBL?Page=CDM_RPT_INDEX%26Action=U%26CDM_ID=1234567 Does CAS have the capability to auto-encode this for me? So all the '&' would change to '%26'. The only other alternative would be to figure out how to get the application itself to auto-encode the URL but users wouldn't have a "user-friendly" URL. I looked over the CAS 3.5.2 source code and noticed that the service is generated in this method within the SimpleWebApplicationServiceImpl class SimpleWebApplicationServiceImpl createServiceFrom(final HttpServletRequest request, final HttpClient httpClient) { ... } This is the only spot I can see where modifying the service URL would work. Any input is appreciated. Thanks!! Dan -- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at https://groups.google.com/a/apereo.org/group/cas-user/. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/e98625b2-d88c-4497-84e7-baee138d0a69%40apereo.org. For more options, visit https://groups.google.com/a/apereo.org/d/optout. -- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at https://groups.google.com/a/apereo.org/group/cas-user/. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/etPan.57e96fc2.615f7e19.13015%40unicon.net. For more options, visit https://groups.google.com/a/apereo.org/d/optout.
