
SECOAUTH-385: fix broken URI query string parsing

commit 59a6eae63b952063c62a5cb8427b23031f3c9f49 1 parent f50bf5c
Dave Syer dsyer authored
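--- a/...ty-oauth2/src/main/java/org/springframework/security/oauth2/client/filter/OAuth2ClientContextFilter.java
+++ b/...ty-oauth2/src/main/java/org/springframework/security/oauth2/client/filter/OAuth2ClientContextFilter.java
@@ -18,13 +18,12 @@
 import org.springframework.security.oauth2.client.resource.UserRedirectRequiredException;
 import org.springframework.security.oauth2.common.DefaultThrowableAnalyzer;
 import org.springframework.security.web.DefaultRedirectStrategy;
-import org.springframework.security.web.PortResolver;
-import org.springframework.security.web.PortResolverImpl;
 import org.springframework.security.web.RedirectStrategy;
 import org.springframework.security.web.util.ThrowableAnalyzer;
 import org.springframework.util.Assert;
 import org.springframework.web.servlet.support.ServletUriComponentsBuilder;
 import org.springframework.web.util.NestedServletException;
+import org.springframework.web.util.UriComponents;
 /**
 * Security filter for an OAuth2 client.
@@ -40,8 +39,6 @@
 */
 public static final String CURRENT_URI = "currentUri";
- private PortResolver portResolver = new PortResolverImpl();
-
 private ThrowableAnalyzer throwableAnalyzer = new DefaultThrowableAnalyzer();
 private RedirectStrategy redirectStrategy = new DefaultRedirectStrategy();
@@ -123,7 +120,9 @@ protected void redirectUser(UserRedirectRequiredException e, HttpServletRequest
 * @return The current uri.
 */
 protected String calculateCurrentUri(HttpServletRequest request) throws UnsupportedEncodingException {
- return ServletUriComponentsBuilder.fromRequest(request).replaceQueryParam("code").build(true).toUriString();
+ UriComponents uri = ServletUriComponentsBuilder.fromRequest(request).replaceQuery(request.getQueryString().replace("+", "%20")).replaceQueryParam("code").build(true);
+ String query = uri.getQuery().replace("%20", "+");
+ return ServletUriComponentsBuilder.fromUri(uri.toUri()).replaceQuery(query).build().toString();
 }
 public void init(FilterConfig filterConfig) throws ServletException {
@@ -136,10 +135,6 @@ public void setThrowableAnalyzer(ThrowableAnalyzer throwableAnalyzer) {
 this.throwableAnalyzer = throwableAnalyzer;
 }
- public void setPortResolver(PortResolver portResolver) {
- this.portResolver = portResolver;
- }
-
 public void setRedirectStrategy(RedirectStrategy redirectStrategy) {
 this.redirectStrategy = redirectStrategy;
 }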
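Review bot: In the `calculateCurrentUri` hunk, `request.getQueryString()` is dereferenced without a null check, and the servlet API returns null when the request carries no query string, so a plain request would fail with a NullPointerException instead of yielding its URI. `uri.getQuery()` is dereferenced the same way and appears to be null once `code` was the only parameter and has been removed. The query string is caller-controlled and `build(true)` rejects illegal characters with an IllegalArgumentException, so it is worth deciding how the filter should react to that; the sketch below leaves it unchanged. The comments in the sketch also record that the `+`/`%20` round trip returns every space as `+`, so the result is not byte-identical to the request.

```java
protected String calculateCurrentUri(HttpServletRequest request) throws UnsupportedEncodingException {
	ServletUriComponentsBuilder builder = ServletUriComponentsBuilder.fromRequest(request);
	String queryString = request.getQueryString();
	if (queryString != null) {
		// spaces are carried as %20 through build(true) and restored below
		builder.replaceQuery(queryString.replace("+", "%20"));
	}
	UriComponents uri = builder.replaceQueryParam("code").build(true);
	String query = uri.getQuery();
	if (query != null) {
		// every space comes back as '+', including ones the client sent as %20
		query = query.replace("%20", "+");
	}
	return ServletUriComponentsBuilder.fromUri(uri.toUri()).replaceQuery(query).build().toString();
}
```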
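--- a/...auth2/src/test/java/org/springframework/security/oauth2/client/filter/TestOAuth2ClientContextFilter.java
+++ b/...auth2/src/test/java/org/springframework/security/oauth2/client/filter/TestOAuth2ClientContextFilter.java
@@ -19,6 +19,22 @@ public void testVanillaCurrentUri() throws Exception {
 }
 @Test
+ public void testCurrentUriWithLegalSpaces() throws Exception {
+ OAuth2ClientContextFilter filter = new OAuth2ClientContextFilter();
+ MockHttpServletRequest request = new MockHttpServletRequest();
+ request.setQueryString("foo=bar%20spam");
+ assertEquals("http://localhost?foo=bar+spam", filter.calculateCurrentUri(request));
+ }
+
+ @Test
+ public void testCurrentUriWithIllegalSpaces() throws Exception {
+ OAuth2ClientContextFilter filter = new OAuth2ClientContextFilter();
+ MockHttpServletRequest request = new MockHttpServletRequest();
+ request.setQueryString("foo=bar+spam");
+ assertEquals("http://localhost?foo=bar+spam", filter.calculateCurrentUri(request));
+ }
+
+ @Test
 public void testCurrentUriRemovingCode() throws Exception {
 OAuth2ClientContextFilter filter = new OAuth2ClientContextFilter();
 MockHttpServletRequest request = new MockHttpServletRequest();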
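Review bot: Both new tests set a query string that contains a space, so nothing added here exercises `calculateCurrentUri` on a request with no query string at all, where `getQueryString()` returns null. Unless `testVanillaCurrentUri` (only its closing brace is visible) already covers it, a case such as `assertEquals("http://localhost", filter.calculateCurrentUri(new MockHttpServletRequest()));` would pin that path; the expected value is inferred from the other assertions. A query containing `%2B` would also be worth asserting, to show that an encoded plus sign survives the `+`/`%20` swap. `testCurrentUriRemovingCode` continues past the end of the hunk.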