Cwikius-Spring
/
spring-security
mirror of https://github.com/spring-projects/spring-security.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

SEC-520 

added parameter to determine whether to encode the session id or not and an explanation on when it should/should not be used.
This commit is contained in:
Scott Battaglia 2007-09-10 15:11:56 +00:00
parent dcb7156773
commit f7815e8da2
1 changed files with 15 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
core/src/main/java/org/acegisecurity/ui/cas/CasProcessingFilterEntryPoint.java
View File

@ -46,6 +46,16 @@ public class CasProcessingFilterEntryPoint implements AuthenticationEntryPoint,
private ServiceProperties serviceProperties;
private String loginUrl;
/**
* Determines whether the Service URL should include the session id for the specific user. As of CAS 3.0.5, the
* session id will automatically be stripped. However, older versions of CAS (i.e. CAS 2), do not automatically
* strip the session identifier (this is a bug on the part of the older server implementations), so an option to
* disable the session encoding is provided for backwards compatibility.
*
* By default, encoding is enabled.
*/
private boolean encodeServiceUrlWithSessionId = true;
//~ Methods ========================================================================================================
@ -59,7 +69,7 @@ public class CasProcessingFilterEntryPoint implements AuthenticationEntryPoint,
throws IOException, ServletException {
final HttpServletRequest request = (HttpServletRequest) servletRequest;
final HttpServletResponse response = (HttpServletResponse) servletResponse;
final String urlEncodedService = response.encodeURL(this.serviceProperties.getService());
final String urlEncodedService = this.encodeServiceUrlWithSessionId ? response.encodeURL(this.serviceProperties.getService()) : this.serviceProperties.getService();
final StringBuffer buffer = new StringBuffer(255);
@ -94,4 +104,8 @@ public class CasProcessingFilterEntryPoint implements AuthenticationEntryPoint,
public void setServiceProperties(final ServiceProperties serviceProperties) {
this.serviceProperties = serviceProperties;
}
public void setEncodeServiceUrlWithSessionId(final boolean encodeServiceUrlWithSessionId) {
this.encodeServiceUrlWithSessionId = encodeServiceUrlWithSessionId;
}
}