GitHub-Spring
/
spring-security
mirror of https://github.com/spring-projects/spring-security.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
Browse Source

SEC-1701: Trim claimed identity parameter value before submitting to OpenID4Java.

pull/1/head
Luke Taylor 15 years ago
parent
236efadfb7
commit
4a1908188a
2 changed files with 16 additions and 16 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 30
      openid/src/main/java/org/springframework/security/openid/OpenIDAuthenticationFilter.java
  2. 2
      openid/src/test/java/org/springframework/security/openid/OpenIDAuthenticationFilterTests.java

30
openid/src/main/java/org/springframework/security/openid/OpenIDAuthenticationFilter.java
Unescape View File

@ -15,29 +15,22 @@ @@ -15,29 +15,22 @@
package org.springframework.security.openid;
import java.io.IOException;
import java.net.MalformedURLException;
import java.net.URL;
import java.util.Collections;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Map;
import java.util.Set;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.openid4java.consumer.ConsumerException;
import org.springframework.security.authentication.AuthenticationServiceException;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
import org.springframework.security.web.authentication.rememberme.AbstractRememberMeServices;
import org.springframework.util.Assert;
import org.springframework.util.StringUtils;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.net.MalformedURLException;
import java.net.URL;
import java.util.*;
/**
* Filter which processes OpenID authentication requests.
@ -225,7 +218,14 @@ public class OpenIDAuthenticationFilter extends AbstractAuthenticationProcessing @@ -225,7 +218,14 @@ public class OpenIDAuthenticationFilter extends AbstractAuthenticationProcessing
* Reads the <tt>claimedIdentityFieldName</tt> from the submitted request.
*/
protected String obtainUsername(HttpServletRequest req) {
return req.getParameter(claimedIdentityFieldName);
String claimedIdentity = req.getParameter(claimedIdentityFieldName);
if (!StringUtils.hasText(claimedIdentity)) {
logger.error("No claimed identity supplied in authentication request");
return "";
}
return claimedIdentity.trim();
}
/**

2
openid/src/test/java/org/springframework/security/openid/OpenIDAuthenticationFilterTests.java
Unescape View File

@ -45,7 +45,7 @@ public class OpenIDAuthenticationFilterTests { @@ -45,7 +45,7 @@ public class OpenIDAuthenticationFilterTests {
MockHttpServletRequest req = new MockHttpServletRequest("GET", REQUEST_PATH);
MockHttpServletResponse response = new MockHttpServletResponse();
req.setParameter("openid_identifier", CLAIMED_IDENTITY_URL);
req.setParameter("openid_identifier", " " + CLAIMED_IDENTITY_URL);
req.setRemoteHost("www.example.com");
filter.setConsumer(new MockOpenIDConsumer() {

Write Preview
Loading…
Cancel
Save