From c7f57bf447d5ec6883ce53d64559ae50462dd570 Mon Sep 17 00:00:00 2001
From: Thomas Lenz
Date: Wed, 25 Jul 2018 13:03:27 +0200
Subject: fix bug in auth/AbstractAuthenticationManager.java which adds http header names without toLowerCase()
---
 .../core/impl/idp/auth/AbstractAuthenticationManager.java | 11 ++++++++---
 1 file changed, 8 insertions(+), 3 deletions(-)
(limited to 'eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp')
diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/AbstractAuthenticationManager.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/AbstractAuthenticationManager.java
index 1fb4bf6b..afadeb61 100644
--- a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/AbstractAuthenticationManager.java
+++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/AbstractAuthenticationManager.java
@@ -256,12 +256,17 @@ public abstract class AbstractAuthenticationManager implements IAuthenticationMa
 Enumeration reqHeaderNames = httpReq.getHeaderNames();
 while(reqHeaderNames.hasMoreElements()) {
 String paramName = reqHeaderNames.nextElement();
- if (StringUtils.isNotEmpty(paramName) && reqHeaderWhiteListeForModules.contains(paramName.toLowerCase()) )
- executionContext.put(paramName, StringEscapeUtils.escapeHtml4(httpReq.getHeader(paramName)));
+ if (StringUtils.isNotEmpty(paramName)
+ && at.gv.egiz.eaaf.core.impl.utils.ArrayUtils.containsCaseInsensitive(paramName, reqHeaderWhiteListeForModules)
+ //reqHeaderWhiteListeForModules.contains(paramName.toLowerCase())
+ )
+ executionContext.put(paramName.toLowerCase(), StringEscapeUtils.escapeHtml4(httpReq.getHeader(paramName)));
 }
 }
+
+
 //populate more IDP specific information to execution context
 populateExecutionContext(executionContext, pendingReq, httpReq);
@@ -269,7 +274,7 @@ public abstract class AbstractAuthenticationManager implements IAuthenticationMa
 startProcessEngine(pendingReq, executionContext);
 }
-
+
 /**
 *
 *
--
cgit v1.2.3
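Review bot: The new `executionContext.put(paramName.toLowerCase(), ...)` in the first hunk lowercases the header name with the JVM's default locale, so under a locale such as Turkish a whitelisted name containing `I` would be stored under a key that a module looking up the ASCII-lowercase name never finds; `paramName.toLowerCase(Locale.ROOT)` keeps the key stable (it needs `java.util.Locale` imported). Whether `ArrayUtils.containsCaseInsensitive` has the same locale dependence cannot be seen from this hunk and is worth checking, since it is the whitelist gate for request headers that reach `startProcessEngine`. The commented-out `//reqHeaderWhiteListeForModules.contains(paramName.toLowerCase())` line inside the condition should be dropped, and the multi-line `if` would read more safely with braces around the `put`. A short comment such as `// header names are stored lower-cased; modules must read them by lower-case key` would document the changed contract. The enclosing method starts and ends outside the hunk.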