authorThomas <>2024-08-07 09:10:57 +0200
committerThomas <>2024-08-07 09:10:57 +0200
commitd140efeaa939a6dff3182cdfd5f4f7ca87a6b5b1 (patch)
tree25c517515ecd3cfe5723763010226a8d3d6a8a20
parent4fcb0654e81a0e3abf400dbbbd8d2bedbbf5864d (diff)
fix(core): add authURL validation on error-page rendering too
-rw-r--r--eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/services/ProtocolAuthenticationService.java16
1 files changed, 12 insertions, 4 deletions
diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/services/ProtocolAuthenticationService.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/services/ProtocolAuthenticationService.java
index 65041c92..4ec9f028 100644
--- a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/services/ProtocolAuthenticationService.java
+++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/services/ProtocolAuthenticationService.java
@@ -518,11 +518,9 @@ public class ProtocolAuthenticationService implements IProtocolAuthenticationSer
@NonNull final HttpServletResponse httpResp, @NonNull final String msg, @NonNull final String errorCode,
@Nullable final Object[] params, String externalErrorCode, IErrorService.IHandleData errorData)
throws EaafException {
-
try {
- final IGuiBuilderConfiguration config = guiConfigFactory
- .getDefaultErrorGui(HttpUtils.extractAuthUrlStringFromRequest(httpReq));
-
+ final IGuiBuilderConfiguration config = guiConfigFactory.getDefaultErrorGui(
+ getValidatedAuthUrl(httpReq));
String[] errorCodeParams = null;
if (params == null) {
@@ -628,4 +626,14 @@ public class ProtocolAuthenticationService implements IProtocolAuthenticationSer
}
+ private String getValidatedAuthUrl(HttpServletRequest httpReq) {
+ try {
+ return authConfig.validateIdpUrl(HttpUtils.extractAuthUrlFromRequest(httpReq));
+
+ } catch (EaafException e) {
+ log.warn("Request URL validation failed. Does not use it", e);
+ return "not://defined";
+
+ }
+ }
}
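Review bot: The fallback in `getValidatedAuthUrl` returns the bare literal `"not://defined"` with no explanation, so a reader cannot tell that it is a deliberately unresolvable placeholder that keeps a rejected request URL out of the rendered error page. I would name it, e.g. `private static final String FALLBACK_AUTH_URL = "not://defined";` with `return FALLBACK_AUTH_URL;`, and add a short Javadoc stating that the method never throws and what callers receive when `validateIdpUrl` rejects the URL. The catch covers only `EaafException`; whether `HttpUtils.extractAuthUrlFromRequest` can fail with an unchecked exception on a malformed request is not visible in this hunk and is worth confirming, since that would bypass the fallback. Because the URL presumably derives from client-controlled request data, `log.warn(..., e)` writes a full stack trace for every rejected request; logging the message without the stack trace would limit log growth when many such requests arrive.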