SEC-520
added parameter to determine whether to encode the session id or not and an explanation on when it should/should not be used.
parent
dcb7156773
commit
f7815e8da2
|
@ -46,6 +46,16 @@ public class CasProcessingFilterEntryPoint implements AuthenticationEntryPoint,
|
||||||
|
|
||||||
private ServiceProperties serviceProperties;
|
private ServiceProperties serviceProperties;
|
||||||
private String loginUrl;
|
private String loginUrl;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Determines whether the Service URL should include the session id for the specific user. As of CAS 3.0.5, the
|
||||||
|
* session id will automatically be stripped. However, older versions of CAS (i.e. CAS 2), do not automatically
|
||||||
|
* strip the session identifier (this is a bug on the part of the older server implementations), so an option to
|
||||||
|
* disable the session encoding is provided for backwards compatibility.
|
||||||
|
*
|
||||||
|
* By default, encoding is enabled.
|
||||||
|
*/
|
||||||
|
private boolean encodeServiceUrlWithSessionId = true;
|
||||||
|
|
||||||
//~ Methods ========================================================================================================
|
//~ Methods ========================================================================================================
|
||||||
|
|
||||||
|
@ -59,7 +69,7 @@ public class CasProcessingFilterEntryPoint implements AuthenticationEntryPoint,
|
||||||
throws IOException, ServletException {
|
throws IOException, ServletException {
|
||||||
final HttpServletRequest request = (HttpServletRequest) servletRequest;
|
final HttpServletRequest request = (HttpServletRequest) servletRequest;
|
||||||
final HttpServletResponse response = (HttpServletResponse) servletResponse;
|
final HttpServletResponse response = (HttpServletResponse) servletResponse;
|
||||||
final String urlEncodedService = response.encodeURL(this.serviceProperties.getService());
|
final String urlEncodedService = this.encodeServiceUrlWithSessionId ? response.encodeURL(this.serviceProperties.getService()) : this.serviceProperties.getService();
|
||||||
|
|
||||||
final StringBuffer buffer = new StringBuffer(255);
|
final StringBuffer buffer = new StringBuffer(255);
|
||||||
|
|
||||||
|
@ -94,4 +104,8 @@ public class CasProcessingFilterEntryPoint implements AuthenticationEntryPoint,
|
||||||
public void setServiceProperties(final ServiceProperties serviceProperties) {
|
public void setServiceProperties(final ServiceProperties serviceProperties) {
|
||||||
this.serviceProperties = serviceProperties;
|
this.serviceProperties = serviceProperties;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public void setEncodeServiceUrlWithSessionId(final boolean encodeServiceUrlWithSessionId) {
|
||||||
|
this.encodeServiceUrlWithSessionId = encodeServiceUrlWithSessionId;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
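Review bot: The explanation of `encodeServiceUrlWithSessionId` sits only on the private field, so the public setter `setEncodeServiceUrlWithSessionId` added in the last hunk is undocumented and the guidance will not appear in generated API docs. The Javadoc also omits the security-relevant effect: with the default `true`, `response.encodeURL(...)` can append the container's session identifier to the service URL when URL rewriting is in use, and that value presumably ends up in the redirect to the CAS login page (the redirect is built outside the visible lines), where it can be recorded in server logs, browser history and Referer headers. I would add Javadoc to the setter along the lines of `/** Whether the service URL is passed through response.encodeURL(), which may append the session id; set to false for CAS servers that do not strip it. Defaults to true. */` and mention that exposure there. The method changed in the second hunk starts and ends outside the hunk, so how `urlEncodedService` is used afterwards should be confirmed against the full file.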