Cwikius-Spring
/
spring-security
mirror of https://github.com/spring-projects/spring-security.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge branch '5.6.x' into 5.7.x 

Closes gh-12221
This commit is contained in:
Marcus Da Coregio 2022-11-16 13:44:16 -03:00
parent 79483b2bc9 53148dc7b5
commit 8441e755d3
2 changed files with 18 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/web/Saml2MetadataFilter.java
View File

@ -1,5 +1,5 @@
/* /*
* Copyright 2002-2021 the original author or authors. * Copyright 2002-2022 the original author or authors.
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.
@ -105,6 +105,7 @@ public final class Saml2MetadataFilter extends OncePerRequestFilter {
String format = "attachment; filename=\"%s\"; filename*=UTF-8''%s"; String format = "attachment; filename=\"%s\"; filename*=UTF-8''%s";
response.setHeader(HttpHeaders.CONTENT_DISPOSITION, String.format(format, fileName, encodedFileName)); response.setHeader(HttpHeaders.CONTENT_DISPOSITION, String.format(format, fileName, encodedFileName));
response.setContentLength(metadata.length()); response.setContentLength(metadata.length());
response.setCharacterEncoding(StandardCharsets.UTF_8.name());
response.getWriter().write(metadata); response.getWriter().write(metadata);
} }

17
saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/web/Saml2MetadataFilterTests.java
View File

@ -1,5 +1,5 @@
/* /*
* Copyright 2002-2021 the original author or authors. * Copyright 2002-2022 the original author or authors.
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.
@ -153,6 +153,21 @@ public class Saml2MetadataFilterTests {
verify(this.repository).findByRegistrationId("registration-id"); verify(this.repository).findByRegistrationId("registration-id");
} }
// gh-12026
@Test
public void doFilterWhenCharacterEncodingThenEncodeSpecialCharactersCorrectly() throws Exception {
RelyingPartyRegistration validRegistration = TestRelyingPartyRegistrations.full().build();
String testMetadataFilename = "test-{registrationId}-metadata.xml";
String generatedMetadata = "<xml>testäöü</xml>";
this.request.setPathInfo("/saml2/service-provider-metadata/registration-id");
given(this.resolver.resolve(validRegistration)).willReturn(generatedMetadata);
this.filter = new Saml2MetadataFilter((req, id) -> validRegistration, this.resolver);
this.filter.setMetadataFilename(testMetadataFilename);
this.filter.doFilter(this.request, this.response, this.chain);
assertThat(this.response.getCharacterEncoding()).isEqualTo(StandardCharsets.UTF_8.name());
assertThat(new String(this.response.getContentAsByteArray())).isEqualTo(generatedMetadata);
}
@Test @Test
public void setRequestMatcherWhenNullThenIllegalArgument() { public void setRequestMatcherWhenNullThenIllegalArgument() {
assertThatIllegalArgumentException().isThrownBy(() -> this.filter.setRequestMatcher(null)); assertThatIllegalArgumentException().isThrownBy(() -> this.filter.setRequestMatcher(null));