forked from Unicon/shib-cas-authn3
Merge pull request Unicon#29 from Unicon/3.2.3
fixed the embedded Id validation issue
Showing
5 changed files
with
63 additions
and
12 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,6 +1,6 @@ | ||
gradleVersion=3.3 | ||
|
||
version=3.2.2 | ||
version=3.2.3 | ||
|
||
casClientVersion=3.4.1 | ||
commonLangVersion=2.5 | ||
|
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -35,6 +35,7 @@ | |
* | ||
* @author [email protected] | ||
* @author [email protected] | ||
* @author aremmes (GitHub) | ||
*/ | ||
@WebServlet(name = "ShibcasAuthServlet", urlPatterns = {"/Authn/ExtCas/*"}) | ||
public class ShibcasAuthServlet extends HttpServlet { | ||
|
@@ -93,7 +94,7 @@ private void validateCasTicket(final HttpServletRequest request, final HttpServl | |
final String authenticationKey, final boolean force) throws ExternalAuthenticationException, IOException { | ||
try { | ||
ticketValidator.setRenew(force); | ||
String serviceUrl = constructServiceUrl(request, response); | ||
String serviceUrl = constructServiceUrl(request, response, true); | ||
logger.debug("validating ticket: {} with service url: {}", ticket, serviceUrl); | ||
|
||
Assertion assertion = ticketValidator.validate(ticket, serviceUrl); | ||
|
@@ -245,7 +246,7 @@ private void buildTranslators(Environment environment) { | |
/** | ||
* Use the CAS CommonUtils to build the CAS Service URL. | ||
*/ | ||
private String constructServiceUrl(final HttpServletRequest request, final HttpServletResponse response) { | ||
protected String constructServiceUrl(final HttpServletRequest request, final HttpServletResponse response) { | ||
String serviceUrl = CommonUtils.constructServiceUrl(request, response, null, serverName, serviceParameterName, artifactParameterName, true); | ||
|
||
if ("embed".equalsIgnoreCase(entityIdLocation)) { | ||
|
@@ -255,6 +256,18 @@ private String constructServiceUrl(final HttpServletRequest request, final HttpS | |
return serviceUrl; | ||
} | ||
|
||
/** | ||
* Like the above, but with a flag indicating whether we're validating a service ticket, | ||
* in which case we should not modify the service URL returned by CAS CommonUtils; this | ||
* avoids appending the entity ID twice when entityIdLocation=embed, since the ID is already | ||
* embedded in the string during validation. | ||
*/ | ||
protected String constructServiceUrl(final HttpServletRequest request, final HttpServletResponse response, final boolean isValidatingTicket ) { | ||
return isValidatingTicket | ||
? CommonUtils.constructServiceUrl(request, response, null, serverName, serviceParameterName, artifactParameterName, true) | ||
: constructServiceUrl(request, response); | ||
} | ||
|
||
private void loadErrorPage(final HttpServletRequest request, final HttpServletResponse response) { | ||
RequestDispatcher requestDispatcher = request.getRequestDispatcher("/no-conversation-state.jsp"); | ||
try { | ||
|
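Review bot: The three-argument `constructServiceUrl` added at the end of this section repeats the seven-argument `CommonUtils.constructServiceUrl(...)` call from the two-argument method, so the login-time and validation-time service URLs stay in step only by hand; if the two calls ever diverge, ticket validation would presumably fail on a service mismatch. Consider a single private helper (for example `private String baseServiceUrl(request, response)`) that both methods call, and replace the Javadoc's "Like the above" with `{@link #constructServiceUrl(HttpServletRequest, HttpServletResponse)}` so the reference survives reordering. At the call site in `validateCasTicket`, `constructServiceUrl(request, response, true)` gives no hint of what the bare `true` means; a named method such as `constructValidationServiceUrl(request, response)` would read better than a boolean flag. On the validation path the embedded entity ID is now taken from the callback request unchanged, so a short comment stating that the CAS server's service-URL match is what ties it to the login request would help the next reader. The body of the two-argument method lies partly outside the hunks shown.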