Scott Battaglia
parent
f9e3ae8abb
commit
f0a78e0edf
|
|
@ -95,7 +95,7 @@ public class AuthenticationFilter extends AbstractCasFilter {
|
|||
return;
|
||||
}
|
||||
|
||||
final String ticket = request.getParameter(getArtifactParameterName());
|
||||
final String ticket = CommonUtils.safeGetParameter(request,getArtifactParameterName());
|
||||
final boolean wasGatewayed = this.gatewayStorage.hasGatewayedAlready(request, serviceUrl);
|
||||
|
||||
if (CommonUtils.isNotBlank(ticket) || wasGatewayed) {
|
||||
|
|
|
|||
|
|
@ -57,7 +57,7 @@ public final class SingleSignOutFilter extends AbstractConfigurationFilter {
|
|||
final HttpServletRequest request = (HttpServletRequest) servletRequest;
|
||||
|
||||
if ("POST".equals(request.getMethod())) {
|
||||
final String logoutRequest = request.getParameter("logoutRequest");
|
||||
final String logoutRequest = CommonUtils.safeGetParameter(request, "logoutRequest");
|
||||
|
||||
if (CommonUtils.isNotBlank(logoutRequest)) {
|
||||
|
||||
|
|
@ -87,7 +87,7 @@ public final class SingleSignOutFilter extends AbstractConfigurationFilter {
|
|||
}
|
||||
}
|
||||
} else {
|
||||
final String artifact = request.getParameter(this.artifactParameterName);
|
||||
final String artifact = CommonUtils.safeGetParameter(request, this.artifactParameterName);
|
||||
final HttpSession session = request.getSession();
|
||||
|
||||
if (log.isDebugEnabled() && session != null) {
|
||||
|
|
|
|||
|
|
@ -11,6 +11,7 @@ import org.jasig.cas.client.proxy.ProxyGrantingTicketStorage;
|
|||
|
||||
import javax.servlet.http.HttpServletRequest;
|
||||
import javax.servlet.http.HttpServletResponse;
|
||||
import javax.servlet.ServletRequest;
|
||||
|
||||
import java.io.IOException;
|
||||
import java.io.UnsupportedEncodingException;
|
||||
|
|
@ -236,4 +237,15 @@ public final class CommonUtils {
|
|||
return returnValue;
|
||||
}
|
||||
|
||||
/**
|
||||
* Safe method for retrieving a parameter from the request without disrupting the reader UNLESS the parameter
|
||||
* actually exists in the query string.
|
||||
*
|
||||
* @param request the request to check.
|
||||
* @param parameter the parameter to look for.
|
||||
* @return the value of the parameter.
|
||||
*/
|
||||
public static String safeGetParameter(final HttpServletRequest request, final String parameter) {
|
||||
return request.getQueryString().indexOf(parameter) != -1 ? request.getParameter(parameter) : null;
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -14,6 +14,7 @@ import javax.servlet.FilterConfig;
|
|||
import javax.servlet.ServletException;
|
||||
import javax.servlet.ServletRequest;
|
||||
import javax.servlet.ServletResponse;
|
||||
import javax.servlet.http.HttpServletRequest;
|
||||
import java.io.IOException;
|
||||
import java.util.Iterator;
|
||||
import java.util.Map;
|
||||
|
|
@ -89,8 +90,7 @@ public final class DelegatingFilter implements Filter {
|
|||
final ServletResponse response, final FilterChain filterChain)
|
||||
throws IOException, ServletException {
|
||||
|
||||
final String parameter = request
|
||||
.getParameter(this.requestParameterName);
|
||||
final String parameter = CommonUtils.safeGetParameter((HttpServletRequest) request, this.requestParameterName);
|
||||
|
||||
if (CommonUtils.isNotEmpty(parameter)) {
|
||||
for (final Iterator iter = this.delegators.keySet().iterator(); iter
|
||||
|
|
|
|||
|
|
@ -121,7 +121,7 @@ public abstract class AbstractTicketValidationFilter extends AbstractCasFilter {
|
|||
|
||||
final HttpServletRequest request = (HttpServletRequest) servletRequest;
|
||||
final HttpServletResponse response = (HttpServletResponse) servletResponse;
|
||||
final String ticket = request.getParameter(getArtifactParameterName());
|
||||
final String ticket = CommonUtils.safeGetParameter(request, getArtifactParameterName());
|
||||
|
||||
if (CommonUtils.isNotBlank(ticket)) {
|
||||
if (log.isDebugEnabled()) {
|
||||
|
|
|
|||
Loading…
Reference in New Issue