Remove vmc headers to prevent duplicates

dsyer · Mar 14, 2013 · f1c5d3a · f1c5d3a
1 parent d0b830e
commit f1c5d3a
Showing 1 changed file with 10 additions and 0 deletions.
diff --git a/src/main/java/org/cloudfoundry/identity/uaa/login/RemoteUaaController.java b/src/main/java/org/cloudfoundry/identity/uaa/login/RemoteUaaController.java
@@ -74,6 +74,12 @@ public class RemoteUaaController {
 
 	private static final String CONTENT_LENGTH = "Content-Length";
 
+	private static final String CONTENT_TYPE = "Content-Type";
+
+	private static final String ACCEPT = "Accept";
+
+	private static final String AUTHORIZATION = "Authorization";
+
 	private static final String TRANSFER_ENCODING = "Transfer-Encoding";
 
 	private static final String HOST = "Host";
@@ -271,13 +277,17 @@ public ModelAndView startAuthorization(HttpServletRequest request, @RequestParam
 		if (principal != null) {
 			map.set("source", "login");
 			map.setAll(getLoginCredentials(principal));
+			map.remove("credentials"); // legacy vmc might break otherwise
 		}
 		else {
 			throw new BadCredentialsException("No principal found in authorize endpoint");
 		}
 
 		HttpHeaders requestHeaders = new HttpHeaders();
 		requestHeaders.putAll(getRequestHeaders(headers));
+		requestHeaders.remove(AUTHORIZATION.toLowerCase());
+		requestHeaders.remove(ACCEPT.toLowerCase());
+		requestHeaders.remove(CONTENT_TYPE.toLowerCase());
 		requestHeaders.setContentType(MediaType.APPLICATION_FORM_URLENCODED);
 		requestHeaders.setAccept(Arrays.asList(MediaType.APPLICATION_JSON));
 		requestHeaders.remove(COOKIE);