Cwikius-Spring/spring-security
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-security.git synced 2025-05-31 01:02:14 +00:00
Code Issues Packages Projects Releases Wiki Activity

Decode cookie once in AbstractRememberMeServices

Browse Source 
Issue gh-9192
This commit is contained in:
zhuang 2020-11-09 21:14:20 +08:00 committed by GitHub
parent 34a21cd80c
commit ff58ac836e
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
web/src/main/java/org/springframework/security/web/authentication/rememberme/AbstractRememberMeServices.java
View File

@ -208,13 +208,13 @@ public abstract class AbstractRememberMeServices
for (int j = 0; j < cookieValue.length() % 4; j++) { for (int j = 0; j < cookieValue.length() % 4; j++) {
cookieValue = cookieValue + "="; cookieValue = cookieValue + "=";
} }
String cookieAsPlainText;
try { try {
Base64.getDecoder().decode(cookieValue.getBytes()); cookieAsPlainText = new String(Base64.getDecoder().decode(cookieValue.getBytes()));
} }
catch (IllegalArgumentException ex) { catch (IllegalArgumentException ex) {
throw new InvalidCookieException("Cookie token was not Base64 encoded; value was '" + cookieValue + "'"); throw new InvalidCookieException("Cookie token was not Base64 encoded; value was '" + cookieValue + "'");
} }
String cookieAsPlainText = new String(Base64.getDecoder().decode(cookieValue.getBytes()));
String[] tokens = StringUtils.delimitedListToStringArray(cookieAsPlainText, DELIMITER); String[] tokens = StringUtils.delimitedListToStringArray(cookieAsPlainText, DELIMITER);
for (int i = 0; i < tokens.length; i++) { for (int i = 0; i < tokens.length; i++) {
try { try {