Author: coheigea
Date: Tue May 15 14:26:27 2012
New Revision: 1338721
URL: http://svn.apache.org/viewvc?rev=1338721&view=rev
Log:
URL decode the SAMLResponse first
Modified:
cxf/trunk/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/RequestAssertionConsumerService.java
Modified:
cxf/trunk/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/RequestAssertionConsumerService.java
URL:
http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/RequestAssertionConsumerService.java?rev=1338721&r1=1338720&r2=1338721&view=diff
==============================================================================
---
cxf/trunk/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/RequestAssertionConsumerService.java
(original)
+++
cxf/trunk/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/RequestAssertionConsumerService.java
Tue May 15 14:26:27 2012
@@ -23,6 +23,7 @@ import java.io.InputStream;
import java.io.InputStreamReader;
import java.io.UnsupportedEncodingException;
import java.net.URI;
+import java.net.URLDecoder;
import java.util.ResourceBundle;
import java.util.UUID;
import java.util.logging.Logger;
@@ -140,10 +141,17 @@ public class RequestAssertionConsumerSer
reportError("MISSING_SAML_RESPONSE");
throw new WebApplicationException(400);
}
+
+ String samlResponseDecoded = null;
+ try {
+ samlResponseDecoded = URLDecoder.decode(samlResponse, "UTF-8");
+ } catch (UnsupportedEncodingException e) {
+ throw new WebApplicationException(400);
+ }
InputStream tokenStream = null;
if (isSupportBase64Encoding()) {
try {
- byte[] deflatedToken = Base64Utility.decode(samlResponse);
+ byte[] deflatedToken =
Base64Utility.decode(samlResponseDecoded);
tokenStream = isSupportDeflateEncoding()
? new DeflateEncoderDecoder().inflateToken(deflatedToken)
: new ByteArrayInputStream(deflatedToken);
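Review bot: URLDecoder.decode can also throw IllegalArgumentException on a malformed percent escape, and the added try block catches only UnsupportedEncodingException, so a bad SAMLResponse would surface as an unhandled runtime exception rather than the 400 used elsewhere in this method. Adding `} catch (IllegalArgumentException e) { throw new WebApplicationException(400); }` keeps the rejection path consistent for untrusted input. Separately, URLDecoder turns `+` into a space and `+` is a valid Base64 character, so if the container has already decoded the parameter before it reaches this code (not visible in the hunk), the second decode would corrupt the value handed to `Base64Utility.decode`; a one-line comment such as `// samlResponse is expected to arrive still URL-encoded` would record that assumption. The same decoded value feeds the non-Base64 branch in the next hunk, and the enclosing method starts and ends outside this hunk.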
@@ -154,7 +162,7 @@ public class RequestAssertionConsumerSer
}
} else {
try {
- tokenStream = new
ByteArrayInputStream(samlResponse.getBytes("UTF-8"));
+ tokenStream = new
ByteArrayInputStream(samlResponseDecoded.getBytes("UTF-8"));
} catch (UnsupportedEncodingException ex) {
throw new WebApplicationException(400);
}