diff options
author | Florian Reimair <florian.reimair@iaik.tugraz.at> | 2015-03-24 12:18:49 +0100 |
---|---|---|
committer | Florian Reimair <florian.reimair@iaik.tugraz.at> | 2015-03-24 13:59:31 +0100 |
commit | e98bdf2b39ecb9100e64c8077752ed7c4ed883b3 (patch) | |
tree | 69831d31babb00a4eca6d2adbc307d257fc29b1a /id/server/idserverlib/src/main/java | |
parent | 443787eddd778e5388cba643413531981edc50ed (diff) | |
download | moa-id-spss-e98bdf2b39ecb9100e64c8077752ed7c4ed883b3.tar.gz moa-id-spss-e98bdf2b39ecb9100e64c8077752ed7c4ed883b3.tar.bz2 moa-id-spss-e98bdf2b39ecb9100e64c8077752ed7c4ed883b3.zip |
escaped attribute values for saml1 responses
Diffstat (limited to 'id/server/idserverlib/src/main/java')
-rw-r--r-- | id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/STORKResponseProcessor.java | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/STORKResponseProcessor.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/STORKResponseProcessor.java index ea1526ff0..3809ec4bc 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/STORKResponseProcessor.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/STORKResponseProcessor.java @@ -39,6 +39,7 @@ import javax.xml.transform.TransformerFactoryConfigurationError; import javax.xml.transform.stream.StreamSource;
import org.apache.commons.io.IOUtils;
+import org.apache.commons.lang3.StringEscapeUtils;
import at.gv.egovernment.moa.id.auth.AuthenticationServer;
import at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute;
@@ -286,6 +287,12 @@ public class STORKResponseProcessor { Object attributeValue = attribute.getValue();
if (null == attributeValue)
attributeValue = attribute.getComplexValue();
+
+ // escape attributeValue
+ attributeValue = StringEscapeUtils.escapeXml10(attributeValue.toString());
+ // and remove trailing and tailing brackets. Might break something but we never saw an array with more than one entry!
+ attributeValue = ((String) attributeValue).substring(1, ((String) attributeValue).length() - 1);
+
ExtendedSAMLAttribute extendedSAMLAttribute =
new ExtendedSAMLAttributeImpl(attribute.getName(), attributeValue, Constants.STORK_NS_URI, 0);
moaExtendedSAMLAttributeList.add(extendedSAMLAttribute);
|