diff options
Diffstat (limited to 'id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java')
-rw-r--r-- | id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java | 18 |
1 files changed, 11 insertions, 7 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java index a24683545..e093ce1e2 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java @@ -317,9 +317,10 @@ public class AuthenticationManager extends MOAIDAuthConstants { * @param httpReqParam http parameter name, but never null */ public void addParameterNameToWhiteList(String httpReqParam) { - if (MiscUtil.isNotEmpty(httpReqParam)) - reqParameterWhiteListeForModules.add(httpReqParam); - + if (MiscUtil.isNotEmpty(httpReqParam)) { + if (!reqParameterWhiteListeForModules.contains(httpReqParam)) + reqParameterWhiteListeForModules.add(httpReqParam); + } } /** @@ -328,8 +329,11 @@ public class AuthenticationManager extends MOAIDAuthConstants { * @param httpReqParam http header name, but never null */ public void addHeaderNameToWhiteList(String httpReqParam) { - if (MiscUtil.isNotEmpty(httpReqParam)) - reqHeaderWhiteListeForModules.add(httpReqParam.toLowerCase()); + if (MiscUtil.isNotEmpty(httpReqParam)) { + if (!reqHeaderWhiteListeForModules.contains(httpReqParam.toLowerCase())) + reqHeaderWhiteListeForModules.add(httpReqParam.toLowerCase()); + + } } @@ -439,8 +443,8 @@ public class AuthenticationManager extends MOAIDAuthConstants { while(reqHeaderNames.hasMoreElements()) { String paramName = reqHeaderNames.nextElement(); if (MiscUtil.isNotEmpty(paramName) && reqHeaderWhiteListeForModules.contains(paramName.toLowerCase()) ) { - executionContext.put(paramName, - StringEscapeUtils.escapeHtml(httpReq.getHeader(paramName))); + executionContext.put(paramName.toLowerCase(), + StringEscapeUtils.escapeHtml(httpReq.getHeader(paramName.toLowerCase()))); } } } |