diff options
author | Thomas Lenz <thomas.lenz@egiz.gv.at> | 2018-07-25 13:03:27 +0200 |
---|---|---|
committer | Thomas Lenz <thomas.lenz@egiz.gv.at> | 2018-07-25 13:03:27 +0200 |
commit | c7f57bf447d5ec6883ce53d64559ae50462dd570 (patch) | |
tree | 937da2e7fde388b720176251768e65046013b734 /eaaf_core/src | |
parent | 67e837bd26f513b6e2f16703fada3f87d5a06948 (diff) | |
download | EAAF-Components-c7f57bf447d5ec6883ce53d64559ae50462dd570.tar.gz EAAF-Components-c7f57bf447d5ec6883ce53d64559ae50462dd570.tar.bz2 EAAF-Components-c7f57bf447d5ec6883ce53d64559ae50462dd570.zip |
fix bug in auth/AbstractAuthenticationManager.java which adds http header names without toLowerCase()
Diffstat (limited to 'eaaf_core/src')
-rw-r--r-- | eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/AbstractAuthenticationManager.java | 11 | ||||
-rw-r--r-- | eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/utils/ArrayUtils.java | 22 |
2 files changed, 30 insertions, 3 deletions
diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/AbstractAuthenticationManager.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/AbstractAuthenticationManager.java index 1fb4bf6b..afadeb61 100644 --- a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/AbstractAuthenticationManager.java +++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/AbstractAuthenticationManager.java @@ -256,12 +256,17 @@ public abstract class AbstractAuthenticationManager implements IAuthenticationMa Enumeration<String> reqHeaderNames = httpReq.getHeaderNames(); while(reqHeaderNames.hasMoreElements()) { String paramName = reqHeaderNames.nextElement(); - if (StringUtils.isNotEmpty(paramName) && reqHeaderWhiteListeForModules.contains(paramName.toLowerCase()) ) - executionContext.put(paramName, StringEscapeUtils.escapeHtml4(httpReq.getHeader(paramName))); + if (StringUtils.isNotEmpty(paramName) + && at.gv.egiz.eaaf.core.impl.utils.ArrayUtils.containsCaseInsensitive(paramName, reqHeaderWhiteListeForModules) + //reqHeaderWhiteListeForModules.contains(paramName.toLowerCase()) + ) + executionContext.put(paramName.toLowerCase(), StringEscapeUtils.escapeHtml4(httpReq.getHeader(paramName))); } } + + //populate more IDP specific information to execution context populateExecutionContext(executionContext, pendingReq, httpReq); @@ -269,7 +274,7 @@ public abstract class AbstractAuthenticationManager implements IAuthenticationMa startProcessEngine(pendingReq, executionContext); } - + /** * * diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/utils/ArrayUtils.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/utils/ArrayUtils.java new file mode 100644 index 00000000..f399ee75 --- /dev/null +++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/utils/ArrayUtils.java @@ -0,0 +1,22 @@ +package at.gv.egiz.eaaf.core.impl.utils; + +import java.util.List; + +public class ArrayUtils { + + /** + * Check if a String 's' is part of a List 'l' in qualsIgnoreCase mode + * + * @param s Search String + * @param l List of String elements + * @return true if 's' is in 'l', otherwise false + */ + public static boolean containsCaseInsensitive(String s, List<String> l){ + if (l == null || s == null) + return false; + + return l.stream().anyMatch(x -> x.equalsIgnoreCase(s)); + + } + +} |