* Issue #4227 - do not use encodeRedirectURL for openid redirects Signed-off-by: Lachlan Roberts <lachlan@webtide.com> * changes from review Signed-off-by: Lachlan Roberts <lachlan@webtide.com>
This commit is contained in:
parent
add8ffca5b
commit
a9e543c1c0
|
@ -246,6 +246,16 @@ public class OpenIdAuthenticator extends LoginAuthenticator
|
|||
|
||||
try
|
||||
{
|
||||
if (request.isRequestedSessionIdFromURL())
|
||||
{
|
||||
if (LOG.isDebugEnabled())
|
||||
LOG.debug("Session ID should be cookie for OpenID authentication to work");
|
||||
|
||||
int redirectCode = (baseRequest.getHttpVersion().getVersion() < HttpVersion.HTTP_1_1.getVersion() ? HttpServletResponse.SC_MOVED_TEMPORARILY : HttpServletResponse.SC_SEE_OTHER);
|
||||
baseResponse.sendRedirect(redirectCode, URIUtil.addPaths(request.getContextPath(), _errorPage));
|
||||
return Authentication.SEND_FAILURE;
|
||||
}
|
||||
|
||||
// Handle a request for authentication.
|
||||
if (isJSecurityCheck(uri))
|
||||
{
|
||||
|
@ -288,7 +298,7 @@ public class OpenIdAuthenticator extends LoginAuthenticator
|
|||
|
||||
response.setContentLength(0);
|
||||
int redirectCode = (baseRequest.getHttpVersion().getVersion() < HttpVersion.HTTP_1_1.getVersion() ? HttpServletResponse.SC_MOVED_TEMPORARILY : HttpServletResponse.SC_SEE_OTHER);
|
||||
baseResponse.sendRedirect(redirectCode, response.encodeRedirectURL(nuri));
|
||||
baseResponse.sendRedirect(redirectCode, nuri);
|
||||
return openIdAuth;
|
||||
}
|
||||
}
|
||||
|
@ -308,7 +318,7 @@ public class OpenIdAuthenticator extends LoginAuthenticator
|
|||
if (LOG.isDebugEnabled())
|
||||
LOG.debug("auth failed {}", _errorPage);
|
||||
int redirectCode = (baseRequest.getHttpVersion().getVersion() < HttpVersion.HTTP_1_1.getVersion() ? HttpServletResponse.SC_MOVED_TEMPORARILY : HttpServletResponse.SC_SEE_OTHER);
|
||||
baseResponse.sendRedirect(redirectCode, response.encodeRedirectURL(URIUtil.addPaths(request.getContextPath(), _errorPage)));
|
||||
baseResponse.sendRedirect(redirectCode, URIUtil.addPaths(request.getContextPath(), _errorPage));
|
||||
}
|
||||
|
||||
return Authentication.SEND_FAILURE;
|
||||
|
@ -399,7 +409,7 @@ public class OpenIdAuthenticator extends LoginAuthenticator
|
|||
if (LOG.isDebugEnabled())
|
||||
LOG.debug("challenge {}->{}", session.getId(), challengeUri);
|
||||
int redirectCode = (baseRequest.getHttpVersion().getVersion() < HttpVersion.HTTP_1_1.getVersion() ? HttpServletResponse.SC_MOVED_TEMPORARILY : HttpServletResponse.SC_SEE_OTHER);
|
||||
baseResponse.sendRedirect(redirectCode, response.encodeRedirectURL(challengeUri));
|
||||
baseResponse.sendRedirect(redirectCode, challengeUri);
|
||||
|
||||
return Authentication.SEND_CONTINUE;
|
||||
}
|
||||
|
|
Loading…
Reference in New Issue