CLOUDSTACK-8037: URL encode cookie values with UTF8 as per version 1

As per Version 1 cookies, certain characters are now allowed, such as space,
colons, etc., but they should be URL encoded using UTF8 encoding. The frontend
has a cookie value unboxing method that removes any double quotes that are
added.

As per the doc 
http://download.oracle.com/javase/6/docs/api/java/net/URLEncoder.html
values are application/x-www-form-urlencoded and as per
http://www.w3.org/TR/html4/interact/forms.html#h-17.13.4 whitespaces are encoded
as +, therefore '+' are replaced by %20 (whitespace).

Signed-off-by: Rohit Yadav <rohit.ya...@shapeblue.com>
(cherry picked from commit 734bd70173c36508f0fc13a30c3aa8006814c019)
Signed-off-by: Rohit Yadav <rohit.ya...@shapeblue.com>


Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo
Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/173710d5
Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/173710d5
Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/173710d5

Branch: refs/heads/vmware-disk-controllers
Commit: 173710d5b48d1a34996f15c3ff1bd80938639b94
Parents: 0b94f25
Author: Rohit Yadav <rohit.ya...@shapeblue.com>
Authored: Mon Jan 12 13:56:25 2015 +0530
Committer: Rohit Yadav <rohit.ya...@shapeblue.com>
Committed: Mon Jan 12 14:03:09 2015 +0530

----------------------------------------------------------------------
 .../api/command/SAML2LoginAPIAuthenticatorCmd.java           | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cloudstack/blob/173710d5/plugins/user-authenticators/saml2/src/org/apache/cloudstack/api/command/SAML2LoginAPIAuthenticatorCmd.java
----------------------------------------------------------------------
diff --git 
a/plugins/user-authenticators/saml2/src/org/apache/cloudstack/api/command/SAML2LoginAPIAuthenticatorCmd.java
 
b/plugins/user-authenticators/saml2/src/org/apache/cloudstack/api/command/SAML2LoginAPIAuthenticatorCmd.java
index 913c1ae..e1ccc02 100644
--- 
a/plugins/user-authenticators/saml2/src/org/apache/cloudstack/api/command/SAML2LoginAPIAuthenticatorCmd.java
+++ 
b/plugins/user-authenticators/saml2/src/org/apache/cloudstack/api/command/SAML2LoginAPIAuthenticatorCmd.java
@@ -270,14 +270,14 @@ public class SAML2LoginAPIAuthenticatorCmd extends 
BaseCmd implements APIAuthent
                     try {
                         if (_apiServer.verifyUser(user.getId())) {
                             LoginCmdResponse loginResponse = 
(LoginCmdResponse) _apiServer.loginUser(session, username, user.getPassword(), 
domainId, null, remoteAddress, params);
-                            resp.addCookie(new Cookie("userid", 
loginResponse.getUserId()));
-                            resp.addCookie(new Cookie("domainid", 
loginResponse.getDomainId()));
-                            resp.addCookie(new Cookie("role", 
loginResponse.getType()));
+                            resp.addCookie(new Cookie("userid", 
URLEncoder.encode(loginResponse.getUserId(), HttpUtils.UTF_8)));
+                            resp.addCookie(new Cookie("domainid", 
URLEncoder.encode(loginResponse.getDomainId(), HttpUtils.UTF_8)));
+                            resp.addCookie(new Cookie("role", 
URLEncoder.encode(loginResponse.getType(), HttpUtils.UTF_8)));
                             resp.addCookie(new Cookie("username", 
URLEncoder.encode(loginResponse.getUsername(), HttpUtils.UTF_8)));
                             resp.addCookie(new Cookie("sessionKey", 
URLEncoder.encode(loginResponse.getSessionKey(), HttpUtils.UTF_8)));
                             resp.addCookie(new Cookie("account", 
URLEncoder.encode(loginResponse.getAccount(), HttpUtils.UTF_8)));
                             resp.addCookie(new Cookie("timezone", 
URLEncoder.encode(loginResponse.getTimeZone(), HttpUtils.UTF_8)));
-                            resp.addCookie(new Cookie("userfullname", 
loginResponse.getFirstName() + "%20" + loginResponse.getLastName()));
+                            resp.addCookie(new Cookie("userfullname", 
URLEncoder.encode(loginResponse.getFirstName() + " " + 
loginResponse.getLastName(), HttpUtils.UTF_8).replace("+", "%20")));
                             
resp.sendRedirect(_configDao.getValue(Config.SAMLCloudStackRedirectionUrl.key()));
                             return 
ApiResponseSerializer.toSerializedString(loginResponse, responseType);
 
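Review bot: the `.replace("+", "%20")` on the `userfullname` cookie is the only place the form-urlencoded `+` is turned back into `%20`; the three newly encoded cookies (`userid`, `domainid`, `role`) and the existing `username`, `account` and `timezone` cookies still emit `+` for any space, so a value such as an account name containing a space would be read differently by a client that does plain percent-decoding rather than form decoding. Because `URLEncoder` already rewrites a literal `+` to `%2B` before the replace runs, the replace is unambiguous and could be moved into one small helper (encode, then replace) applied to every cookie value, giving all cookies the same decoding contract. Also, in the visible lines none of the cookies, including `sessionKey`, sets `Secure` or `HttpOnly`; if the UI does not need to read `sessionKey` from script, setting those attributes on it would reduce exposure of the session over plain HTTP or to script running in the page.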