Thanks! Someone else actually just opened a JIRA issue for that. If you wouldn't mind, please attach your patch to that.
We got a little overzealous with our safe checking of parameters (and possibly highlighted insufficient test coverage). Cheers, Scott On Thu, Aug 27, 2009 at 11:37 PM, John Watson <[email protected]> wrote: > Hi All, > I've been adapting CAS Client 3.1.7 for working with Atlassian Jira and ran > into a problem with the single sign out filter. > This is the patch I did to get it working: > > Index: src/main/java/org/jasig/cas/client/session/SingleSignOutFilter.java > =================================================================== > --- src/main/java/org/jasig/cas/client/session/SingleSignOutFilter.java > (revision 46469) > +++ src/main/java/org/jasig/cas/client/session/SingleSignOutFilter.java > (working copy) > @@ -57,7 +57,7 @@ > final HttpServletRequest request = (HttpServletRequest) > servletRequest; > > if ("POST".equals(request.getMethod())) { > - final String logoutRequest = > CommonUtils.safeGetParameter(request, "logoutRequest"); > + final String logoutRequest = > request.getParameter("logoutRequest"); > > if (CommonUtils.isNotBlank(logoutRequest)) { > > CommonUtils.safeGetParameter() seems to check if the query string is null > in the request. Single Sign Out is a post, therefore query string will > always be null. and getParameter() is already safe because it will return a > null if the parameter doesn't exist. > > John Watson > Jr. Web Developer > University of California, Merced > > -- > You are currently subscribed to [email protected] as: > [email protected] > > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-user > > -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
