authorThomas Lenz <tlenz@iaik.tugraz.at>2016-12-09 09:42:28 +0100
committerThomas Lenz <tlenz@iaik.tugraz.at>2016-12-09 09:42:28 +0100
commitb43a2503c27d51bdac0d7b75d73aca461075530f (patch)
treece90ed9bdbb600876e10e2b1c4fd2f9fec8f4707 /id/server
parent50d22cf47baacb83879412a6046983366af669e3 (diff)
fix bug in OpenID protocol implementation that generates a wrong encoded error response
Diffstat (limited to 'id/server')
-rw-r--r--id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20Protocol.java9
1 files changed, 6 insertions, 3 deletions
diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20Protocol.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20Protocol.java
index 118c53f6b..75ea41449 100644
--- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20Protocol.java
+++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20Protocol.java
@@ -204,9 +204,11 @@ public class OAuth20Protocol extends AbstractAuthProtocolModulController {
OAuth20Util.addParameterToURL(url, OAuth20Constants.PARAM_ERROR, errorCode);
OAuth20Util.addParameterToURL(url, OAuth20Constants.PARAM_ERROR_DESCRIPTION, errorDescription);
- if (MiscUtil.isNotEmpty(moaError))
- OAuth20Util.addParameterToURL(url, OAuth20Constants.PARAM_ERROR_URI, errorUri + "#" + moaError);
OAuth20Util.addParameterToURL(url, OAuth20Constants.PARAM_STATE, state);
+ if (MiscUtil.isNotEmpty(moaError))
+ OAuth20Util.addParameterToURL(url, OAuth20Constants.PARAM_ERROR_URI,
+ URLEncoder.encode(errorUri + "#" + moaError, "UTF-8"));
+
response.setContentType("text/html");
response.setStatus(HttpServletResponse.SC_FOUND);
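Review bot: Only `error_uri` is encoded in this redirect branch; `errorCode`, `errorDescription` and the client-supplied `state` on the neighbouring lines are still passed to `OAuth20Util.addParameterToURL` as raw strings. The helper is not visible here, so either it does not encode, in which case a description with spaces or a `state` carrying reserved characters can still change the query string of the redirect, or it does encode, in which case `error_uri` is now encoded twice. Doing the encoding once inside `addParameterToURL` would treat every parameter the same; failing that, the other calls need the same treatment, e.g. `OAuth20Util.addParameterToURL(url, OAuth20Constants.PARAM_ERROR_DESCRIPTION, URLEncoder.encode(errorDescription, "UTF-8"));`. The enclosing method begins and ends outside this hunk, so how the checked `UnsupportedEncodingException` is handled cannot be confirmed from here.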
@@ -220,7 +222,8 @@ public class OAuth20Protocol extends AbstractAuthProtocolModulController {
Map<String, Object> params = new HashMap<String, Object>();
params.put(OAuth20Constants.PARAM_ERROR, errorCode);
params.put(OAuth20Constants.PARAM_ERROR_DESCRIPTION, errorDescription);
- params.put(OAuth20Constants.PARAM_ERROR_URI, errorUri + "#" + moaError);
+ params.put(OAuth20Constants.PARAM_ERROR_URI,
+ URLEncoder.encode(errorUri + "#" + moaError, "UTF-8"));
// create response
JsonObject jsonObject = new JsonObject();
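Review bot: `URLEncoder.encode` is applied here to a value stored in the `params` map, which, judging by the `JsonObject` lines that follow, is serialised into a JSON body rather than a query string. In a JSON body the serialiser does the escaping, so a client would receive a percent-encoded `error_uri` that it has no reason to decode. Keeping `params.put(OAuth20Constants.PARAM_ERROR_URI, errorUri + "#" + moaError);` looks right for this branch. Unlike the redirect branch, this one has no `MiscUtil.isNotEmpty(moaError)` guard, so an empty or null `moaError` yields a dangling `#` or `#null`; wrapping the `put` in `if (MiscUtil.isNotEmpty(moaError))` would match the other path. The rest of the method is outside the hunk.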