Cwikius-Spring
/
spring-security
mirror of https://github.com/spring-projects/spring-security.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

SEC-1701: Trim claimed identity parameter value before submitting to OpenID4Java.

This commit is contained in:
Luke Taylor 2011-03-25 19:09:32 +00:00
parent 236efadfb7
commit 4a1908188a
2 changed files with 16 additions and 16 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

30
openid/src/main/java/org/springframework/security/openid/OpenIDAuthenticationFilter.java
View File

@ -15,29 +15,22 @@
package org.springframework.security.openid; package org.springframework.security.openid;
import java.io.IOException;
import java.net.MalformedURLException;
import java.net.URL;
import java.util.Collections;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Map;
import java.util.Set;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.openid4java.consumer.ConsumerException; import org.openid4java.consumer.ConsumerException;
import org.springframework.security.authentication.AuthenticationServiceException; import org.springframework.security.authentication.AuthenticationServiceException;
import org.springframework.security.core.Authentication; import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException; import org.springframework.security.core.AuthenticationException;
import org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter; import org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
import org.springframework.security.web.authentication.rememberme.AbstractRememberMeServices; import org.springframework.security.web.authentication.rememberme.AbstractRememberMeServices;
import org.springframework.util.Assert; import org.springframework.util.Assert;
import org.springframework.util.StringUtils; import org.springframework.util.StringUtils;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.net.MalformedURLException;
import java.net.URL;
import java.util.*;
/** /**
* Filter which processes OpenID authentication requests. * Filter which processes OpenID authentication requests.
@ -225,7 +218,14 @@ public class OpenIDAuthenticationFilter extends AbstractAuthenticationProcessing
* Reads the <tt>claimedIdentityFieldName</tt> from the submitted request. * Reads the <tt>claimedIdentityFieldName</tt> from the submitted request.
*/ */
protected String obtainUsername(HttpServletRequest req) { protected String obtainUsername(HttpServletRequest req) {
return req.getParameter(claimedIdentityFieldName); String claimedIdentity = req.getParameter(claimedIdentityFieldName);
if (!StringUtils.hasText(claimedIdentity)) {
logger.error("No claimed identity supplied in authentication request");
return "";
}
return claimedIdentity.trim();
} }
/** /**

2
openid/src/test/java/org/springframework/security/openid/OpenIDAuthenticationFilterTests.java
View File

@ -45,7 +45,7 @@ public class OpenIDAuthenticationFilterTests {
MockHttpServletRequest req = new MockHttpServletRequest("GET", REQUEST_PATH); MockHttpServletRequest req = new MockHttpServletRequest("GET", REQUEST_PATH);
MockHttpServletResponse response = new MockHttpServletResponse(); MockHttpServletResponse response = new MockHttpServletResponse();
req.setParameter("openid_identifier", CLAIMED_IDENTITY_URL); req.setParameter("openid_identifier", " " + CLAIMED_IDENTITY_URL);
req.setRemoteHost("www.example.com"); req.setRemoteHost("www.example.com");
filter.setConsumer(new MockOpenIDConsumer() { filter.setConsumer(new MockOpenIDConsumer() {