aboutsummaryrefslogtreecommitdiff
path: root/id/server/idserverlib/src/main/java
diff options
context:
space:
mode:
authorFlorian Reimair <florian.reimair@iaik.tugraz.at>2015-03-24 12:18:49 +0100
committerFlorian Reimair <florian.reimair@iaik.tugraz.at>2015-03-24 13:59:31 +0100
commite98bdf2b39ecb9100e64c8077752ed7c4ed883b3 (patch)
tree69831d31babb00a4eca6d2adbc307d257fc29b1a /id/server/idserverlib/src/main/java
parent443787eddd778e5388cba643413531981edc50ed (diff)
downloadmoa-id-spss-e98bdf2b39ecb9100e64c8077752ed7c4ed883b3.tar.gz
moa-id-spss-e98bdf2b39ecb9100e64c8077752ed7c4ed883b3.tar.bz2
moa-id-spss-e98bdf2b39ecb9100e64c8077752ed7c4ed883b3.zip
escaped attribute values for saml1 responses
Diffstat (limited to 'id/server/idserverlib/src/main/java')
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/STORKResponseProcessor.java7
1 files changed, 7 insertions, 0 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/STORKResponseProcessor.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/STORKResponseProcessor.java
index ea1526ff0..3809ec4bc 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/STORKResponseProcessor.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/STORKResponseProcessor.java
@@ -39,6 +39,7 @@ import javax.xml.transform.TransformerFactoryConfigurationError;
import javax.xml.transform.stream.StreamSource;
import org.apache.commons.io.IOUtils;
+import org.apache.commons.lang3.StringEscapeUtils;
import at.gv.egovernment.moa.id.auth.AuthenticationServer;
import at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute;
@@ -286,6 +287,12 @@ public class STORKResponseProcessor {
Object attributeValue = attribute.getValue();
if (null == attributeValue)
attributeValue = attribute.getComplexValue();
+
+ // escape attributeValue
+ attributeValue = StringEscapeUtils.escapeXml10(attributeValue.toString());
+ // and remove trailing and tailing brackets. Might break something but we never saw an array with more than one entry!
+ attributeValue = ((String) attributeValue).substring(1, ((String) attributeValue).length() - 1);
+
ExtendedSAMLAttribute extendedSAMLAttribute =
new ExtendedSAMLAttributeImpl(attribute.getName(), attributeValue, Constants.STORK_NS_URI, 0);
moaExtendedSAMLAttributeList.add(extendedSAMLAttribute);