cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From r...@apache.org
Subject [02/27] cxf git commit: [CXF-6985] URL-encoding the state parameter
Date Mon, 08 Aug 2016 01:50:22 GMT
[CXF-6985] URL-encoding the state parameter


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/c2af9591
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/c2af9591
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/c2af9591

Branch: refs/heads/master-jaxrs-2.1
Commit: c2af9591a9208f136bac4590e06a39392cfe0a9a
Parents: 8fdb091
Author: Sergey Beryozkin <sberyozkin@gmail.com>
Authored: Tue Aug 2 14:29:50 2016 +0100
Committer: Sergey Beryozkin <sberyozkin@gmail.com>
Committed: Tue Aug 2 14:29:50 2016 +0100

----------------------------------------------------------------------
 .../rs/security/oauth2/services/AbstractImplicitGrantService.java | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf/blob/c2af9591/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AbstractImplicitGrantService.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AbstractImplicitGrantService.java
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AbstractImplicitGrantService.java
index 446f82c..0beae41 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AbstractImplicitGrantService.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AbstractImplicitGrantService.java
@@ -139,7 +139,8 @@ public abstract class AbstractImplicitGrantService extends RedirectionBasedGrant
     protected void finalizeResponse(StringBuilder sb, OAuthRedirectionState state) {
         if (state.getState() != null) {
             sb.append("&");
-            sb.append(OAuthConstants.STATE).append("=").append(state.getState());   
+            String stateParam = state.getState();
+            sb.append(OAuthConstants.STATE).append("=").append(HttpUtils.urlEncode(stateParam));
  
         }
         if (reportClientId) {
             sb.append("&").append(OAuthConstants.CLIENT_ID).append("=").append(state.getClientId());


Mime
View raw message