Hi,

This is about the CAS extension. We noticed that the retrieveService method in CasAuthenticationFilter.java always assumes that a key/value pair (a URL parameter) has a value. See line 118 in:

https://github.com/geoserver/geoserver/blob/master/src/extension/security/cas/src/main/java/org/geoserver/security/cas/GeoServerCasAuthenticationFilter.java

The line in question:

      String name = param.split("=")[0];
      String value = param.split("=")[1]; // error if param has no value

However, this will result in an ArrayIndexOutOfRangeException if, for example, a GetMap URL contains a parameter with no value, such as: "style="

An example fix:

      String[] keyValue = param.split("=");
      if (keyValue.length == 0) continue;
      String name = keyValue[0];
      String value = (keyValue.length == 1) ? null : keyValue[1];

I guess this line should be adapted as well:

     buff.append(name).append("=").append(value);

Why not just:

     buf.append(param);


Greetz, Egon
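
An added example, not part of the original message or of the GeoServer code base: it shows why `split("=")[1]` fails on `style=` (Java's `String.split` drops trailing empty strings) and one way to split a pair without assuming a value. The class and helper names (`QueryParamSplitDemo`, `splitPair`, `rebuild`) and the sample query are constructed for illustration, and it goes slightly beyond the case in the message by also keeping values that contain `=`.

```java
import java.util.ArrayList;
import java.util.List;

public class QueryParamSplitDemo {

    // Hypothetical helper: splits one "name=value" pair without assuming a value exists.
    static String[] splitPair(String param) {
        int eq = param.indexOf('=');
        if (eq < 0) {
            return new String[] {param, null};   // bare "name" with no '=' at all
        }
        // "style=" yields an empty value; "token=a=b" keeps "a=b" intact
        return new String[] {param.substring(0, eq), param.substring(eq + 1)};
    }

    // Rebuilds the query string from the parsed pairs, skipping empty segments ("&&").
    static String rebuild(String query) {
        List<String> parts = new ArrayList<>();
        for (String param : query.split("&")) {
            if (param.isEmpty()) continue;
            String[] kv = splitPair(param);
            parts.add(kv[1] == null ? kv[0] : kv[0] + "=" + kv[1]);
        }
        return String.join("&", parts);
    }

    public static void main(String[] args) {
        // Constructed sample query with an empty value, an '=' inside a value,
        // an empty segment and a bare flag.
        String query = "layers=topp:states&style=&format=image/png&token=a=b&&flag";

        // The pattern from the message: split("=") on "style=" returns a one-element array.
        System.out.println("\"style=\".split(\"=\").length = " + "style=".split("=").length);
        try {
            String value = "style=".split("=")[1];
            System.out.println("unexpected value: " + value);
        } catch (ArrayIndexOutOfBoundsException e) {
            System.out.println("split(\"=\")[1] failed: " + e);
        }

        for (String param : query.split("&")) {
            if (param.isEmpty()) continue;
            String[] kv = splitPair(param);
            System.out.println(kv[0] + " -> " + (kv[1] == null ? "<no value>" : "\"" + kv[1] + "\""));
        }
        System.out.println(rebuild(query));
    }
}
```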
_______________________________________________
Geoserver-devel mailing list
Geoserver-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/geoserver-devel
