
SEC-1701: Trim claimed identity parameter value before submitting to OpenID4Java.

3.0.x
Luke Taylor 15 years ago
parent
commit
198d5d0482
  1. 30
      openid/src/main/java/org/springframework/security/openid/OpenIDAuthenticationFilter.java
  2. 2
      openid/src/test/java/org/springframework/security/openid/OpenIDAuthenticationFilterTests.java

30
openid/src/main/java/org/springframework/security/openid/OpenIDAuthenticationFilter.java

@ -15,19 +15,6 @@ @@ -15,19 +15,6 @@
package org.springframework.security.openid;
import java.io.IOException;
import java.net.MalformedURLException;
import java.net.URL;
import java.util.Collections;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Map;
import java.util.Set;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.openid4java.consumer.ConsumerException;
import org.springframework.security.authentication.AuthenticationServiceException;
import org.springframework.security.core.Authentication;
@ -38,6 +25,14 @@ import org.springframework.security.web.authentication.rememberme.AbstractRememb @@ -38,6 +25,14 @@ import org.springframework.security.web.authentication.rememberme.AbstractRememb
import org.springframework.util.Assert;
import org.springframework.util.StringUtils;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import java.io.IOException;
import java.net.MalformedURLException;
import java.net.URL;
import java.util.*;
/**
* Filter which processes OpenID authentication requests.
@ -239,7 +234,14 @@ public class OpenIDAuthenticationFilter extends AbstractAuthenticationProcessing @@ -239,7 +234,14 @@ public class OpenIDAuthenticationFilter extends AbstractAuthenticationProcessing
* Reads the <tt>claimedIdentityFieldName</tt> from the submitted request.
*/
protected String obtainUsername(HttpServletRequest req) {
return req.getParameter(claimedIdentityFieldName);
String claimedIdentity = req.getParameter(claimedIdentityFieldName);
if (!StringUtils.hasText(claimedIdentity)) {
logger.error("No claimed identity supplied in authentication request");
return "";
}
return claimedIdentity.trim();
}
/**
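Review bot: In `obtainUsername`, the emptiness check and the trim use different definitions of whitespace: `StringUtils.hasText` follows `Character.isWhitespace`, while `String.trim()` only strips characters up to U+0020, so an identifier preceded by a Unicode space such as U+2003 passes the check and is still handed to OpenID4Java untrimmed. Using the helper from the same utility class keeps the two in step: `return StringUtils.trimWhitespace(claimedIdentity);`. The missing-parameter branch logs at error level for a condition that any unauthenticated request can trigger by omitting the field, so the error log fills with client-driven noise; `logger.debug(...)` or a warn looks more proportionate, though the caller is not visible here and may already report the failure. The Javadoc above the method still only says it reads the field; it should state that the value is trimmed and that an empty string, never null, is returned when nothing was supplied.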

2
openid/src/test/java/org/springframework/security/openid/OpenIDAuthenticationFilterTests.java

@ -45,7 +45,7 @@ public class OpenIDAuthenticationFilterTests { @@ -45,7 +45,7 @@ public class OpenIDAuthenticationFilterTests {
MockHttpServletRequest req = new MockHttpServletRequest("GET", REQUEST_PATH);
MockHttpServletResponse response = new MockHttpServletResponse();
req.setParameter("openid_identifier", CLAIMED_IDENTITY_URL);
req.setParameter("openid_identifier", " " + CLAIMED_IDENTITY_URL);
req.setRemoteHost("www.example.com");
filter.setConsumer(new MockOpenIDConsumer() {
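Review bot: The modified line only covers a single leading space, and the new empty-parameter branch of `obtainUsername` (log and return `""`) has no test in this section. I would add a second test that omits `openid_identifier` and asserts what the filter does with the empty identity, and widen the input to `" " + CLAIMED_IDENTITY_URL + " "` so trailing whitespace is covered too. The enclosing test method starts and ends outside the hunk, so the assertions it makes on the trimmed value are not visible here.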
