authorThomas Lenz <thomas.lenz@egiz.gv.at>2018-07-25 13:03:27 +0200
committerThomas Lenz <thomas.lenz@egiz.gv.at>2018-07-25 13:03:27 +0200
commitc7f57bf447d5ec6883ce53d64559ae50462dd570 (patch)
tree937da2e7fde388b720176251768e65046013b734
parent67e837bd26f513b6e2f16703fada3f87d5a06948 (diff)
fix bug in auth/AbstractAuthenticationManager.java which adds http header names without toLowerCase()
-rw-r--r--eaaf_core/pom.xml2
-rw-r--r--eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/AbstractAuthenticationManager.java11
-rw-r--r--eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/utils/ArrayUtils.java22
3 files changed, 31 insertions, 4 deletions
diff --git a/eaaf_core/pom.xml b/eaaf_core/pom.xml
index a17cd7d6..6b236ac6 100644
--- a/eaaf_core/pom.xml
+++ b/eaaf_core/pom.xml
@@ -15,7 +15,7 @@
<description>Core components for identity managment implementations</description>
<properties>
- <surefire.version>2.20.1</surefire.version>
+ <surefire.version>2.22.0</surefire.version>
<org.slf4j.version>1.7.25</org.slf4j.version>
</properties>
diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/AbstractAuthenticationManager.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/AbstractAuthenticationManager.java
index 1fb4bf6b..afadeb61 100644
--- a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/AbstractAuthenticationManager.java
+++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/AbstractAuthenticationManager.java
@@ -256,12 +256,17 @@ public abstract class AbstractAuthenticationManager implements IAuthenticationMa
Enumeration<String> reqHeaderNames = httpReq.getHeaderNames();
while(reqHeaderNames.hasMoreElements()) {
String paramName = reqHeaderNames.nextElement();
- if (StringUtils.isNotEmpty(paramName) && reqHeaderWhiteListeForModules.contains(paramName.toLowerCase()) )
- executionContext.put(paramName, StringEscapeUtils.escapeHtml4(httpReq.getHeader(paramName)));
+ if (StringUtils.isNotEmpty(paramName)
+ && at.gv.egiz.eaaf.core.impl.utils.ArrayUtils.containsCaseInsensitive(paramName, reqHeaderWhiteListeForModules)
+ //reqHeaderWhiteListeForModules.contains(paramName.toLowerCase())
+ )
+ executionContext.put(paramName.toLowerCase(), StringEscapeUtils.escapeHtml4(httpReq.getHeader(paramName)));
}
}
+
+
//populate more IDP specific information to execution context
populateExecutionContext(executionContext, pendingReq, httpReq);
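Review bot: The new key `paramName.toLowerCase()` in the `executionContext.put(...)` call is computed with the JVM default locale, while the whitelist test just above it goes through `equalsIgnoreCase`, which is locale-independent. Under a Turkish or Azeri default locale a header name containing `I` lowercases to a dotless `ı`, so a header that passes the whitelist would be stored under a key that a module looking it up by its plain lowercase name would not find. I would write `executionContext.put(paramName.toLowerCase(Locale.ROOT), StringEscapeUtils.escapeHtml4(httpReq.getHeader(paramName)));` (this needs `java.util.Locale`; the import block is outside the hunk) and delete the commented-out `//reqHeaderWhiteListeForModules.contains(paramName.toLowerCase())` line rather than keeping it inside the condition. The enclosing method starts and ends outside the hunk.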
@@ -269,7 +274,7 @@ public abstract class AbstractAuthenticationManager implements IAuthenticationMa
startProcessEngine(pendingReq, executionContext);
}
-
+
/**
*
*
diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/utils/ArrayUtils.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/utils/ArrayUtils.java
new file mode 100644
index 00000000..f399ee75
--- /dev/null
+++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/utils/ArrayUtils.java
@@ -0,0 +1,22 @@
+package at.gv.egiz.eaaf.core.impl.utils;
+
+import java.util.List;
+
+public class ArrayUtils {
+
+ /**
+ * Check if a String 's' is part of a List 'l' in qualsIgnoreCase mode
+ *
+ * @param s Search String
+ * @param l List of String elements
+ * @return true if 's' is in 'l', otherwise false
+ */
+ public static boolean containsCaseInsensitive(String s, List<String> l){
+ if (l == null || s == null)
+ return false;
+
+ return l.stream().anyMatch(x -> x.equalsIgnoreCase(s));
+
+ }
+
+}
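Review bot: `containsCaseInsensitive` throws a NullPointerException when the list contains a null element, because the lambda calls `x.equalsIgnoreCase(s)` on the element. Since `s` is already known to be non-null at that point, `return l.stream().anyMatch(s::equalsIgnoreCase);` treats a null entry as a non-match instead. The Javadoc says `qualsIgnoreCase` where `equalsIgnoreCase` is meant. As a static-only helper, the class could also be declared `final` with a private constructor.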