fix bug in auth/AbstractAuthenticationManager.java which adds http header names without toLowerCase()

author: Thomas Lenz <thomas.lenz@egiz.gv.at> 2018-07-25 13:03:27 +0200
committer: Thomas Lenz <thomas.lenz@egiz.gv.at> 2018-07-25 13:03:27 +0200
commit: c7f57bf447d5ec6883ce53d64559ae50462dd570 (patch)
tree: 937da2e7fde388b720176251768e65046013b734 /eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/AbstractAuthenticationManager.java
parent: 67e837bd26f513b6e2f16703fada3f87d5a06948 (diff)
download: EAAF-Components-c7f57bf447d5ec6883ce53d64559ae50462dd570.tar.gz
EAAF-Components-c7f57bf447d5ec6883ce53d64559ae50462dd570.tar.bz2
EAAF-Components-c7f57bf447d5ec6883ce53d64559ae50462dd570.zip
1 files changed, 8 insertions, 3 deletions
diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/AbstractAuthenticationManager.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/AbstractAuthenticationManager.java
index 1fb4bf6b..afadeb61 100644
--- a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/AbstractAuthenticationManager.java
+++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/AbstractAuthenticationManager.java
@@ -256,12 +256,17 @@ public abstract class AbstractAuthenticationManager implements IAuthenticationMa
 			Enumeration<String> reqHeaderNames = httpReq.getHeaderNames();
 			while(reqHeaderNames.hasMoreElements()) { 
 				String paramName = reqHeaderNames.nextElement();
-				if (StringUtils.isNotEmpty(paramName) && reqHeaderWhiteListeForModules.contains(paramName.toLowerCase()) )
-					executionContext.put(paramName, StringEscapeUtils.escapeHtml4(httpReq.getHeader(paramName)));
+				if (StringUtils.isNotEmpty(paramName) 
+						&& at.gv.egiz.eaaf.core.impl.utils.ArrayUtils.containsCaseInsensitive(paramName, reqHeaderWhiteListeForModules) 
+						//reqHeaderWhiteListeForModules.contains(paramName.toLowerCase())
+					)
+					executionContext.put(paramName.toLowerCase(), StringEscapeUtils.escapeHtml4(httpReq.getHeader(paramName)));
 					
 			}			
 		}
 		
+
+		
 		//populate more IDP specific information to execution context
 		populateExecutionContext(executionContext, pendingReq, httpReq);
 				
@@ -269,7 +274,7 @@ public abstract class AbstractAuthenticationManager implements IAuthenticationMa
 		startProcessEngine(pendingReq, executionContext);
 		
 	}
-
+	
 	/**
 	 * 
 	 *
author	Thomas Lenz <thomas.lenz@egiz.gv.at>	2018-07-25 13:03:27 +0200
committer	Thomas Lenz <thomas.lenz@egiz.gv.at>	2018-07-25 13:03:27 +0200
commit	c7f57bf447d5ec6883ce53d64559ae50462dd570 (patch)
tree	937da2e7fde388b720176251768e65046013b734 /eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/AbstractAuthenticationManager.java
parent	67e837bd26f513b6e2f16703fada3f87d5a06948 (diff)
download	EAAF-Components-c7f57bf447d5ec6883ce53d64559ae50462dd570.tar.gz EAAF-Components-c7f57bf447d5ec6883ce53d64559ae50462dd570.tar.bz2 EAAF-Components-c7f57bf447d5ec6883ce53d64559ae50462dd570.zip