Tells spring security to allow URLs with percent and semicolon charac…

…ters (#159)
duracloud · Dec 8, 2021 · f1546cb · f1546cb
1 parent 65fed5e
commit f1546cb
Show file tree

Hide file tree

Showing 2 changed files with 13 additions and 0 deletions.
diff --git a/duradmin/src/main/webapp/WEB-INF/config/security-config.xml b/duradmin/src/main/webapp/WEB-INF/config/security-config.xml
@@ -100,5 +100,11 @@
   <beans:bean id="webexpressionHandler"
               class="org.springframework.security.web.access.expression.DefaultWebSecurityExpressionHandler"/>
 
+  <beans:bean id="allowCharactersHttpFirewall"
+              class="org.springframework.security.web.firewall.StrictHttpFirewall">
+    <beans:property name="allowUrlEncodedPercent" value="true"/>
+    <beans:property name="allowSemicolon" value="true"/>
+  </beans:bean>
+  <http-firewall ref="allowCharactersHttpFirewall"/>
 
 </beans:beans>
diff --git a/durastore/src/main/webapp/WEB-INF/config/security-config.xml b/durastore/src/main/webapp/WEB-INF/config/security-config.xml
@@ -122,4 +122,11 @@
     <beans:constructor-arg value="256"/>
   </beans:bean>
 
+  <beans:bean id="allowCharactersHttpFirewall"
+              class="org.springframework.security.web.firewall.StrictHttpFirewall">
+    <beans:property name="allowUrlEncodedPercent" value="true"/>
+    <beans:property name="allowSemicolon" value="true"/>
+  </beans:bean>
+  <http-firewall ref="allowCharactersHttpFirewall"/>
+
 </beans:beans>