cxf-commits mailing list archives

From serg...@apache.org
Subject cxf git commit: [CXF-6985] URL-encoding the state parameter
Date Tue, 02 Aug 2016 13:31:05 GMT
Repository: cxf
Updated Branches:
  refs/heads/3.1.x-fixes 35afaf3dc -> f00d7da9a


[CXF-6985] URL-encoding the state parameter


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/f00d7da9
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/f00d7da9
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/f00d7da9

Branch: refs/heads/3.1.x-fixes
Commit: f00d7da9a042cf2f444f9adafabaaaf9b09019b2
Parents: 35afaf3
Author: Sergey Beryozkin <sberyozkin@gmail.com>
Authored: Tue Aug 2 14:29:50 2016 +0100
Committer: Sergey Beryozkin <sberyozkin@gmail.com>
Committed: Tue Aug 2 14:30:53 2016 +0100

----------------------------------------------------------------------
 .../rs/security/oauth2/services/AbstractImplicitGrantService.java | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf/blob/f00d7da9/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AbstractImplicitGrantService.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AbstractImplicitGrantService.java
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AbstractImplicitGrantService.java
index 446f82c..0beae41 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AbstractImplicitGrantService.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AbstractImplicitGrantService.java
@@ -139,7 +139,8 @@ public abstract class AbstractImplicitGrantService extends RedirectionBasedGrant
     protected void finalizeResponse(StringBuilder sb, OAuthRedirectionState state) {
         if (state.getState() != null) {
             sb.append("&");
-            sb.append(OAuthConstants.STATE).append("=").append(state.getState());   
+            String stateParam = state.getState();
+            sb.append(OAuthConstants.STATE).append("=").append(HttpUtils.urlEncode(stateParam));
  
         }
         if (reportClientId) {
             sb.append("&").append(OAuthConstants.CLIENT_ID).append("=").append(state.getClientId());
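Review bot: The `client_id` value appended on the `reportClientId` line just below the change is still written into the redirect without encoding, so it keeps the same gap this commit closes for `state`. If a registered client id can contain `&`, `=`, `#` or non-ASCII characters (not visible from this hunk, so worth confirming against client registration), it would corrupt or add parameters in the response the client parses; the line could read `sb.append("&").append(OAuthConstants.CLIENT_ID).append("=").append(HttpUtils.urlEncode(state.getClientId()));`. It is also worth checking that `state.getState()` holds the decoded value at this point, otherwise a state the client sent already percent-encoded would now be encoded twice and fail the client's comparison. `finalizeResponse` continues past the end of the hunk.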

