Marvin S. Addison
7ce4cb8aa5
Provide for secure XML processing.
...
Follow recommendations at https://wiki.shibboleth.net/confluence/x/XoEYAw
which are consistent with recommendations on #191 to prevent XXE vectors.
Resolves #191
See https://github.com/apereo/java-cas-client/issues/191
2019-06-25 08:01:46 -04:00
Hal Deadman
52274f828f
Merge pull request #251 from inghamn/patch-1
...
Prioritize X-Forwarded-Host when choosing the service parameter
2019-05-29 19:15:12 -04:00
Renovate Bot
c6a46da7fa
Update dependency org.apache.maven.plugins:maven-jar-plugin to v3
2019-04-30 19:40:11 +00:00
Renovate Bot
0e333ec040
Update dependency log4j:log4j to v1.2.17
2019-04-30 09:39:34 +00:00
LELEU Jérôme
abacb75df2
Handle encrypted PGTs (#260)
...
* Handle encrypted PGTs
* add tests
* stick to Java 6 and use commons-codec for Base64
* Remove the encrypted PGT after a PGT has been retrieved
* use Bouncycastle to load PEM files
* update to latest BC dependency
2019-04-03 13:53:09 +02:00
Jérôme LELEU
58de00e34b
Support the method parameter
2019-03-13 09:15:07 +01:00
Misagh Moayyed
86b93cbb26
clean up
2019-01-31 01:43:33 -07:00
Misagh Moayyed
cc756cb72d
update readme; add full-regex
2019-01-31 01:39:55 -07:00
tsschmidt
f06895bc18
Refactored and added unit test.
2019-01-24 16:31:54 -08:00
tsschmidt
18d981efaa
Refactor
2019-01-23 10:24:01 -08:00
tsschmidt
080405b4c0
Extract inlined CAS attributes in protocol 3 Ticket Validator
2019-01-23 08:26:35 -08:00
Cliff Ingham
2b1b7a142a
Prioritize X-Forwarded-Host when choosing the service parameter
...
Use X-Forwarded-Host whenever it's available.
2018-12-14 16:28:55 -05:00
Dmitriy Kopylenko
ba50664582
[maven-release-plugin] prepare for next development iteration
2018-11-01 10:32:59 -04:00
Dmitriy Kopylenko
bafe64e7cd
[maven-release-plugin] prepare release cas-client-3.5.1
2018-11-01 10:32:53 -04:00
Joshua Smith
c39735729d
Include serverName path when constructing service url
...
Commit be2a641 introduced a bug which overwrites the serverName path component
when constructing service urls. This makes it impossible to deploy a CAS-
protected application behind a reverse proxy with a path prefix.
Now, the path from the incoming request is appended to the serverName path
instead of overwriting it.
2018-10-02 13:29:30 -07:00
Matt Drees
1d4312b64f
Rename logoutPath to logoutCallbackPath
2018-07-25 13:07:29 -06:00
Misagh Moayyed
af78b8703f
Merge branch 'master' into issue-210-preserve-entity-stream-for-non-logout-requests
2018-07-25 10:25:51 +04:30
Matt Drees
c5d1b1ef84
Stop using "matches" terminology
2018-07-24 16:07:44 -06:00
Matt Drees
40dcc8b34a
Move utility method to CommonUtils
2018-07-24 15:19:01 -06:00
Matt Drees
ba5982e1eb
Add option to prevent entity stream consumption
...
If someone's app cannot handle the SingleSignOutFilter's consumption of entity streams
(via a `request.getParameter()` call) on all requests,
they can use this option in conjunction with setting up a service logout URL at the CAS server.
The filter will now only consume the stream on requests to this path.
Fixes https://github.com/apereo/java-cas-client/issues/210.
2018-07-24 15:19:00 -06:00
Matt Drees
b6f6b5de76
Support casServerUrlPrefix config option
...
`casServerUrlPrefix` is used for validation and single logout,
but before this commit it couldn't be used by the auth filter.
As a result, web.xml needed to (for the typical use case)
contain at least two references to the cas server.
Now, only one context init-param reference is necessary,
as long as the login page is hosted at {prefix}/login
(which seems to be mandated by cas protocol spec).
2018-07-24 15:18:24 -06:00
Misagh Moayyed
93561a297f
Merge pull request #178 from jalios/master
...
Fix #177 Every other request incorrectly gatewayed
2018-07-25 00:24:13 +04:30
Matt Drees
306ec75569
Fix race condition in PublicTestHttpServer tests
...
The previous code assumed the server would start listening on the socket before tests ran, but didn't enforce this.
2018-07-24 11:29:25 -06:00
Misagh Moayyed
a061764ca1
fix tests
2018-07-17 11:50:10 +04:30
Misagh Moayyed
7fbac753ee
fix tests
2018-07-17 11:42:41 +04:30
Misagh Moayyed
15100f3c39
fix tests; adjust log levels for tests
2018-07-17 11:33:03 +04:30
Misagh Moayyed
3875c39a21
handle un-encoded query strings in url parameters
2018-01-31 14:11:00 +03:30
Dmitriy Kopylenko
b208e94b93
[maven-release-plugin] prepare for next development iteration
2018-01-12 11:56:32 -05:00
Dmitriy Kopylenko
c00da6bb81
[maven-release-plugin] prepare release cas-client-3.5.0
2018-01-12 11:56:28 -05:00
Misagh Moayyed
c06facd9e1
Merge pull request #209 from tkd-yas/master
...
Fix missing parameter key in service url (#208)
2017-10-06 04:31:21 -07:00
Misagh Moayyed
f341f50cd5
Merge pull request #212 from mmoayyed/json-validator
...
New Json ticket validator to accept CAS responses in JSON.
2017-06-20 09:16:37 -07:00
Hal Deadman
f9202b9a8a
Improve error logging when getting response fails
2017-06-02 10:59:16 -04:00
Misagh Moayyed
ccf8e718b2
Apply changes after code review by @serac
2017-06-01 21:03:51 -04:00
leleuj
6f84cc2356
merge with master
2017-05-24 08:36:57 +02:00
Misagh Moayyed
f5a0ee6987
Merge pull request #187 from Unicon/Frontchannel-slo
...
Handle front-channel SLO
2017-05-22 12:25:15 -04:00
Misagh Moayyed
dfb13e5397
add test cases
2017-05-18 14:09:11 -07:00
Misagh Moayyed
552b9f9fac
Fix test cases with attribute encoding
2017-05-18 12:31:44 -07:00
Misagh Moayyed
f2ea4129bd
allow extension points for JSON validation parsing. add filter and validator
2017-05-17 16:13:46 -07:00
Misagh Moayyed
88789ef358
allow extension points for JSON validation parsing. add filter and validator
2017-05-17 16:00:24 -07:00
Misagh Moayyed
5152f40be9
allow extension points for JSON validation parsing. add filter and validator
2017-05-17 15:59:20 -07:00
Misagh Moayyed
1fc896c458
allow extension points for JSON validation parsing. add filter and validator
2017-05-17 15:04:42 -07:00
Yasuhiro Takada
834531c7a6
fix test failure
2017-04-17 20:36:40 +09:00
Yasuhiro Takada
2f7729a892
fix missing parameter key in service url when parameter value not provided.
2017-04-17 19:22:41 +09:00
lizhixiang
47fb9c0fbb
add setter to ignoreUrlPatternMatcherStrategyClass, with purpose of
...
injecting UrlPatternMatcherStrategy to AuthenticationFilter by Spring
IOC
2017-01-05 12:16:16 +08:00
Misagh Moayyed
4d1d62bd62
Merge pull request #184 from Unicon/Skew-assertion-date
...
Handle date equality when checking for assertion validity
2016-09-23 10:24:02 +03:30
Misagh Moayyed
6be07281d5
Fixed test cases
2016-09-09 16:22:32 +04:30
Misagh Moayyed
7db200e8c6
Updated front-channel SLO handling
2016-09-09 16:14:06 +04:30
Misagh Moayyed
527f0c6d28
Merge pull request #181 from Unicon/Tostring
...
Let ConfigurationKey toString() the name
2016-09-07 20:53:38 +04:30
Misagh Moayyed
7d5a9bc124
Merge pull request #185 from Unicon/Redundant-GroupId
...
Remove redundant groupId from POM defns
2016-09-07 20:53:21 +04:30
Misagh Moayyed
92371f794a
Remove redundant groupId from POM defns
2016-09-07 16:12:34 +04:30