aboutsummaryrefslogtreecommitdiff
path: root/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/servlet/ProxyServlet.java
diff options
context:
space:
mode:
Diffstat (limited to 'id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/servlet/ProxyServlet.java')
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/servlet/ProxyServlet.java12
1 files changed, 8 insertions, 4 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/servlet/ProxyServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/servlet/ProxyServlet.java
index ce15b75bd..6802005f1 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/servlet/ProxyServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/servlet/ProxyServlet.java
@@ -41,6 +41,8 @@ import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
+import org.apache.commons.lang.StringEscapeUtils;
+
import at.gv.egovernment.moa.id.AuthenticationException;
import at.gv.egovernment.moa.id.BuildException;
import at.gv.egovernment.moa.id.MOAIDException;
@@ -117,12 +119,15 @@ public class ProxyServlet extends HttpServlet {
protected void service(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
Logger.debug("getRequestURL:" + req.getRequestURL().toString());
- //@TODO Parameter
+
+ String artifact = req.getParameter(PARAM_SAMLARTIFACT);
+ artifact = StringEscapeUtils.escapeHtml(artifact);
+
try {
- if (req.getParameter(PARAM_SAMLARTIFACT) != null) {
+ if (artifact != null) {
// check if SAML Artifact was already used in this session (in case of page reload)
HttpSession session = req.getSession();
- if (null != session && req.getParameter(PARAM_SAMLARTIFACT).equals(session.getAttribute(ATT_SAML_ARTIFACT))) {
+ if (null != session && artifact.equals(session.getAttribute(ATT_SAML_ARTIFACT))) {
if (session.getAttribute(ATT_BROWSERREQU)==null) {
tunnelRequest(req, resp);
}else{
@@ -498,7 +503,6 @@ private int tunnelRequest(HttpServletRequest req, HttpServletResponse resp, Map
Vector parameters = new Vector();
-//@TODO Parameter
for (Enumeration enu = req.getParameterNames(); enu.hasMoreElements();) {
String paramName = (String) enu.nextElement();
if (!(paramName.equals(PARAM_SAMLARTIFACT) || paramName.equals(PARAM_TARGET))) {
generated by cgit v1.2.3 (git 2.25.1) at 2024-07-30 11:03:42 +0000