SEC-239: switched to encoding a url with response.encodeURL to get the jsession.

Scott Battaglia 2006-05-04 19:27:57 +00:00
parent 76ce826345
commit aee934812a


@ -20,6 +20,7 @@ import org.acegisecurity.ui.AuthenticationEntryPoint;
import org.springframework.beans.factory.InitializingBean; import org.springframework.beans.factory.InitializingBean;
import org.springframework.util.Assert; import org.springframework.util.Assert;
import org.springframework.util.StringUtils;
import java.io.IOException; import java.io.IOException;
@ -28,6 +29,7 @@ import java.net.URLEncoder;
import javax.servlet.ServletException; import javax.servlet.ServletException;
import javax.servlet.ServletRequest; import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse; import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse; import javax.servlet.http.HttpServletResponse;
@ -57,7 +59,7 @@ public class CasProcessingFilterEntryPoint implements AuthenticationEntryPoint,
//~ Methods ================================================================ //~ Methods ================================================================
public void setLoginUrl(String loginUrl) { public void setLoginUrl(final String loginUrl) {
this.loginUrl = loginUrl; this.loginUrl = loginUrl;
} }
@ -68,35 +70,38 @@ public class CasProcessingFilterEntryPoint implements AuthenticationEntryPoint,
* @return the enterprise-wide CAS login URL * @return the enterprise-wide CAS login URL
*/ */
public String getLoginUrl() { public String getLoginUrl() {
return loginUrl; return this.loginUrl;
} }
public void setServiceProperties(ServiceProperties serviceProperties) { public void setServiceProperties(final ServiceProperties serviceProperties) {
this.serviceProperties = serviceProperties; this.serviceProperties = serviceProperties;
} }
public ServiceProperties getServiceProperties() { public ServiceProperties getServiceProperties() {
return serviceProperties; return this.serviceProperties;
} }
public void afterPropertiesSet() throws Exception { public void afterPropertiesSet() throws Exception {
Assert.hasLength(loginUrl, "loginUrl must be specified"); Assert.hasLength(this.loginUrl, "loginUrl must be specified");
Assert.notNull(serviceProperties, "serviceProperties must be specified"); Assert.notNull(this.serviceProperties, "serviceProperties must be specified");
} }
public void commence(ServletRequest request, ServletResponse response, public void commence(final ServletRequest servletRequest, final ServletResponse servletResponse,
AuthenticationException authenticationException) final AuthenticationException authenticationException)
throws IOException, ServletException { throws IOException, ServletException {
String url; final HttpServletRequest request = (HttpServletRequest) servletRequest;
final HttpServletResponse response = (HttpServletResponse) servletResponse;
final String urlEncodedService = response.encodeURL(this.serviceProperties.getService());
if (serviceProperties.isSendRenew()) { final StringBuffer buffer = new StringBuffer(255);
url = loginUrl + "?renew=true" + "&service="
+ serviceProperties.getService(); synchronized (buffer) {
} else { buffer.append(this.loginUrl);
url = loginUrl + "?service=" buffer.append("?service=");
+ URLEncoder.encode(serviceProperties.getService(), "UTF-8"); buffer.append(URLEncoder.encode(urlEncodedService, "UTF-8"));
} buffer.append(this.serviceProperties.isSendRenew() ? "&renew=true" : "");
}
((HttpServletResponse) response).sendRedirect(url);
response.sendRedirect(buffer.toString());
} }
} }
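Review bot: In the new `commence`, `response.encodeURL(this.serviceProperties.getService())` can append the `jsessionid` path parameter to the service URL whenever the container falls back to URL rewriting, and that value is then sent to the CAS login URL inside the `service` query parameter. The session identifier therefore ends up in the redirect `Location` header, in browser history, and in the access logs of the CAS server and any intermediary, none of which are trusted to hold a session credential. I would make this opt-in through a new boolean property (for example `encodeServiceUrlWithSessionId`) and document the exposure on its setter, e.g. `final String service = this.encodeServiceUrlWithSessionId ? response.encodeURL(this.serviceProperties.getService()) : this.serviceProperties.getService();`. Separately, `synchronized (buffer)` guards a method-local `StringBuffer` that no other thread can reach, and the `request` local is cast but never read in the visible lines, so both can be dropped.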