Repository: cxf-fediz Updated Branches: refs/heads/master 6fc7f301d -> 845825d9c
Encode query parameters in the IdP for FedizEntryPoint Project: http://git-wip-us.apache.org/repos/asf/cxf-fediz/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf-fediz/commit/845825d9 Tree: http://git-wip-us.apache.org/repos/asf/cxf-fediz/tree/845825d9 Diff: http://git-wip-us.apache.org/repos/asf/cxf-fediz/diff/845825d9 Branch: refs/heads/master Commit: 845825d9cdc008def25d4c1cd418efe7b0d8729b Parents: 6fc7f30 Author: Colm O hEigeartaigh <[email protected]> Authored: Thu Dec 15 15:24:27 2016 +0000 Committer: Colm O hEigeartaigh <[email protected]> Committed: Thu Dec 15 15:24:27 2016 +0000 ---------------------------------------------------------------------- .../cxf/fediz/service/idp/FedizEntryPoint.java | 44 ++++++++++++++------ 1 file changed, 32 insertions(+), 12 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/845825d9/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/FedizEntryPoint.java ----------------------------------------------------------------------
diff --git a/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/FedizEntryPoint.java b/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/FedizEntryPoint.java
index d266f3c..dd121fb 100644
--- a/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/FedizEntryPoint.java
+++ b/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/FedizEntryPoint.java
@@ -22,6 +22,8 @@ package org.apache.cxf.fediz.service.idp;
 import java.io.IOException;
 import java.net.MalformedURLException;
 import java.net.URL;
+import java.net.URLEncoder;
+import java.util.Enumeration;

 import javax.servlet.ServletException;
 import javax.servlet.http.HttpServletRequest;
@@ -50,9 +52,9 @@ import org.springframework.util.Assert;
 */
 public class FedizEntryPoint implements AuthenticationEntryPoint,
 InitializingBean, ApplicationContextAware {
-
+
 private static final Logger LOG = LoggerFactory.getLogger(FedizEntryPoint.class);
-
+
 private ApplicationContext appContext;
 private ConfigService configService;
 private String realm;
@@ -65,7 +67,7 @@ public class FedizEntryPoint implements AuthenticationEntryPoint,
 public void setConfigService(ConfigService configService) {
 this.configService = configService;
 }
-
+
 public String getRealm() {
 return realm;
 }
@@ -73,7 +75,7 @@ public class FedizEntryPoint implements AuthenticationEntryPoint,
 public void setRealm(String realm) {
 this.realm = realm;
 }
-
+
 public void afterPropertiesSet() throws Exception {
 Assert.notNull(this.appContext, "ApplicationContext cannot be null.");
 Assert.notNull(this.configService, "ConfigService cannot be null.");
@@ -85,8 +87,7 @@ public class FedizEntryPoint implements AuthenticationEntryPoint,
 idpConfig = configService.getIDP(realm);
 Assert.notNull(this.idpConfig, "idpConfig cannot be null. Check realm and config service implementation");
-
- String redirectUrl = null;
+
 String wauth = servletRequest.getParameter(FederationConstants.PARAM_AUTH_TYPE);
 if (wauth == null) {
 wauth = "default";
@@ -98,13 +99,32 @@ public class FedizEntryPoint implements AuthenticationEntryPoint,
 HttpServletResponse.SC_INTERNAL_SERVER_ERROR, "The wauth value that was supplied is not supported");
 return;
 }
- redirectUrl = new StringBuilder(extractFullContextPath(servletRequest))
- .append(loginUri).append("?").append(servletRequest.getQueryString()).toString();
-
+
+ StringBuilder builder = new StringBuilder(extractFullContextPath(servletRequest))
+ .append(loginUri).append("?");
+
+ // Add the query parameters - URL encoding them for safety
+ @SuppressWarnings("unchecked")
+ Enumeration<String> names = servletRequest.getParameterNames();
+ while (names.hasMoreElements()) {
+ String name = names.nextElement();
+ String[] values = servletRequest.getParameterValues(name);
+ if (values != null && values.length > 0) {
+ builder.append(name).append("=");
+ builder.append(URLEncoder.encode(values[0], "UTF-8"));
+ builder.append("&");
+ }
+ }
+ // Remove trailing ampersand
+ if (builder.charAt(builder.length() - 1) == '&') {
+ builder.deleteCharAt(builder.length() - 1);
+ }
+
+ String redirectUrl = builder.toString();
 preCommence(servletRequest, response);
 if (LOG.isInfoEnabled()) {
 LOG.info("Redirect to " + redirectUrl);
- }
+ }
 response.sendRedirect(redirectUrl);
 }

@@ -123,12 +143,12 @@ public class FedizEntryPoint implements AuthenticationEntryPoint,
 public void setApplicationContext(ApplicationContext applicationContext) throws BeansException {
 this.appContext = applicationContext;
 }
-
+
 protected String extractFullContextPath(HttpServletRequest request) throws MalformedURLException {
 String result = null;
 String contextPath = request.getContextPath();
 String requestUrl = request.getRequestURL().toString();
-
+
 String requestPath = new URL(requestUrl).getPath();
 // Cut request path of request url and add context path if not ROOT
 if (requestPath != null && requestPath.length() > 0) {
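Review bot: In the `@@ -98,13 +99,32 @@` hunk, the loop URL-encodes each parameter value but appends the parameter name raw (`builder.append(name).append("=")`), so a decoded name that contains `&`, `=` or `#` can still add or override parameters in the login redirect. Encode the name the same way: `builder.append(URLEncoder.encode(name, "UTF-8")).append("=");`. Two behaviour changes from the old `getQueryString()` code are also worth confirming: only `values[0]` is forwarded, so repeated parameters are dropped, and `getParameterNames()` also returns form-body parameters on a POST, which would then appear in the redirect URL and in the `LOG.info("Redirect to " + redirectUrl)` line. The method this hunk belongs to starts outside the hunk, so whether it can be reached on a POST is not visible here.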
