TouchInstinct
/
java-cas-client
303
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

CASC-147 

ignore logout requests for multipart forms
This commit is contained in:
Scott Battaglia 2011-06-21 01:39:49 +00:00
parent e9569564d7
commit 8941d96a99
2 changed files with 54 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
cas-client-core/src/main/java/org/jasig/cas/client/session/SingleSignOutHandler.java
View File

@ -100,7 +100,7 @@ public final class SingleSignOutHandler {
* @return True if request is logout request, false otherwise.
*/
public boolean isLogoutRequest(final HttpServletRequest request) {
return "POST".equals(request.getMethod()) &&
return "POST".equals(request.getMethod()) && !isMultipartRequest(request) &&
CommonUtils.isNotBlank(CommonUtils.safeGetParameter(request, this.logoutParameterName));
}
@ -155,4 +155,8 @@ public final class SingleSignOutHandler {
}
}
}
private boolean isMultipartRequest(final HttpServletRequest request) {
return request.getContentType() != null && request.getContentType().toLowerCase().startsWith("multipart");
}
}

49
cas-client-core/src/test/java/org/jasig/cas/client/session/SingleSignoutHandlerTests.java Normal file
View File

@ -0,0 +1,49 @@
package org.jasig.cas.client.session;
import org.junit.Before;
import org.junit.Test;
import org.springframework.mock.web.MockHttpServletRequest;
import static org.junit.Assert.*;
/**
* @author Matt Brown <matt.brown@citrix.com>
* @version $Revision$ $Date$
* @since 3.2.1
*/
public final class SingleSignoutHandlerTests {
private SingleSignOutHandler handler;
private MockHttpServletRequest request;
private final static String logoutParameterName = "logoutRequest";
@Before
public void setUp() throws Exception {
handler = new SingleSignOutHandler();
handler.setLogoutParameterName(logoutParameterName);
request = new MockHttpServletRequest();
}
@Test
public void isLogoutRequest() throws Exception {
request.setParameter(logoutParameterName, "true");
request.setMethod("POST");
assertTrue(handler.isLogoutRequest(request));
}
/**
* Tests that a multipart request is not considered logoutRequest. Verifies issue CASC-147.
*
* @throws Exception
*/
@Test
public void isLogoutRequestMultipart() throws Exception {
request.setParameter(logoutParameterName, "true");
request.setMethod("POST");
request.setContentType("multipart/form-data");
assertFalse(handler.isLogoutRequest(request));
}
}