diff options
| author | Thomas Lenz <thomas.lenz@egiz.gv.at> | 2018-07-25 13:03:27 +0200 |
|---|---|---|
| committer | Thomas Lenz <thomas.lenz@egiz.gv.at> | 2018-07-25 13:03:27 +0200 |
| commit | c7f57bf447d5ec6883ce53d64559ae50462dd570 (patch) | |
| tree | 937da2e7fde388b720176251768e65046013b734 | |
| parent | 67e837bd26f513b6e2f16703fada3f87d5a06948 (diff) | |
| download | EAAF-Components-c7f57bf447d5ec6883ce53d64559ae50462dd570.tar.gz EAAF-Components-c7f57bf447d5ec6883ce53d64559ae50462dd570.tar.bz2 EAAF-Components-c7f57bf447d5ec6883ce53d64559ae50462dd570.zip | |
fix bug in auth/AbstractAuthenticationManager.java which adds http header names without toLowerCase()
3 files changed, 31 insertions, 4 deletions
diff --git a/eaaf_core/pom.xml b/eaaf_core/pom.xml index a17cd7d6..6b236ac6 100644 --- a/eaaf_core/pom.xml +++ b/eaaf_core/pom.xml @@ -15,7 +15,7 @@ <description>Core components for identity managment implementations</description> <properties> - <surefire.version>2.20.1</surefire.version> + <surefire.version>2.22.0</surefire.version> <org.slf4j.version>1.7.25</org.slf4j.version> </properties> diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/AbstractAuthenticationManager.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/AbstractAuthenticationManager.java index 1fb4bf6b..afadeb61 100644 --- a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/AbstractAuthenticationManager.java +++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/AbstractAuthenticationManager.java @@ -256,12 +256,17 @@ public abstract class AbstractAuthenticationManager implements IAuthenticationMa Enumeration<String> reqHeaderNames = httpReq.getHeaderNames(); while(reqHeaderNames.hasMoreElements()) { String paramName = reqHeaderNames.nextElement(); - if (StringUtils.isNotEmpty(paramName) && reqHeaderWhiteListeForModules.contains(paramName.toLowerCase()) ) - executionContext.put(paramName, StringEscapeUtils.escapeHtml4(httpReq.getHeader(paramName))); + if (StringUtils.isNotEmpty(paramName) + && at.gv.egiz.eaaf.core.impl.utils.ArrayUtils.containsCaseInsensitive(paramName, reqHeaderWhiteListeForModules) + //reqHeaderWhiteListeForModules.contains(paramName.toLowerCase()) + ) + executionContext.put(paramName.toLowerCase(), StringEscapeUtils.escapeHtml4(httpReq.getHeader(paramName))); } } + + //populate more IDP specific information to execution context populateExecutionContext(executionContext, pendingReq, httpReq); @@ -269,7 +274,7 @@ public abstract class AbstractAuthenticationManager implements IAuthenticationMa startProcessEngine(pendingReq, executionContext); } - + /** * * diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/utils/ArrayUtils.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/utils/ArrayUtils.java new file mode 100644 index 00000000..f399ee75 --- /dev/null +++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/utils/ArrayUtils.java @@ -0,0 +1,22 @@ +package at.gv.egiz.eaaf.core.impl.utils; + +import java.util.List; + +public class ArrayUtils { + + /** + * Check if a String 's' is part of a List 'l' in qualsIgnoreCase mode + * + * @param s Search String + * @param l List of String elements + * @return true if 's' is in 'l', otherwise false + */ + public static boolean containsCaseInsensitive(String s, List<String> l){ + if (l == null || s == null) + return false; + + return l.stream().anyMatch(x -> x.equalsIgnoreCase(s)); + + } + +} |