diff options
author | Thomas Lenz <tlenz@iaik.tugraz.at> | 2016-12-09 09:42:28 +0100 |
---|---|---|
committer | Thomas Lenz <tlenz@iaik.tugraz.at> | 2016-12-09 09:42:28 +0100 |
commit | b43a2503c27d51bdac0d7b75d73aca461075530f (patch) | |
tree | ce90ed9bdbb600876e10e2b1c4fd2f9fec8f4707 /id/server | |
parent | 50d22cf47baacb83879412a6046983366af669e3 (diff) | |
download | moa-id-spss-b43a2503c27d51bdac0d7b75d73aca461075530f.tar.gz moa-id-spss-b43a2503c27d51bdac0d7b75d73aca461075530f.tar.bz2 moa-id-spss-b43a2503c27d51bdac0d7b75d73aca461075530f.zip |
fix bug in OpenID protocol implementation that generates a wrong encoded error response
Diffstat (limited to 'id/server')
-rw-r--r-- | id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20Protocol.java | 9 |
1 files changed, 6 insertions, 3 deletions
diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20Protocol.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20Protocol.java index 118c53f6b..75ea41449 100644 --- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20Protocol.java +++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20Protocol.java @@ -204,9 +204,11 @@ public class OAuth20Protocol extends AbstractAuthProtocolModulController { OAuth20Util.addParameterToURL(url, OAuth20Constants.PARAM_ERROR, errorCode); OAuth20Util.addParameterToURL(url, OAuth20Constants.PARAM_ERROR_DESCRIPTION, errorDescription); - if (MiscUtil.isNotEmpty(moaError)) - OAuth20Util.addParameterToURL(url, OAuth20Constants.PARAM_ERROR_URI, errorUri + "#" + moaError); OAuth20Util.addParameterToURL(url, OAuth20Constants.PARAM_STATE, state); + if (MiscUtil.isNotEmpty(moaError)) + OAuth20Util.addParameterToURL(url, OAuth20Constants.PARAM_ERROR_URI, + URLEncoder.encode(errorUri + "#" + moaError, "UTF-8")); + response.setContentType("text/html"); response.setStatus(HttpServletResponse.SC_FOUND); @@ -220,7 +222,8 @@ public class OAuth20Protocol extends AbstractAuthProtocolModulController { Map<String, Object> params = new HashMap<String, Object>(); params.put(OAuth20Constants.PARAM_ERROR, errorCode); params.put(OAuth20Constants.PARAM_ERROR_DESCRIPTION, errorDescription); - params.put(OAuth20Constants.PARAM_ERROR_URI, errorUri + "#" + moaError); + params.put(OAuth20Constants.PARAM_ERROR_URI, + URLEncoder.encode(errorUri + "#" + moaError, "UTF-8")); // create response JsonObject jsonObject = new JsonObject(); |