incubator-sling-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From fmesc...@apache.org
Subject svn commit: r1029803 - /sling/trunk/bundles/auth/openid/src/main/java/org/apache/sling/auth/openid/impl/OpenIDAuthenticationHandler.java
Date Mon, 01 Nov 2010 19:36:32 GMT
Author: fmeschbe
Date: Mon Nov  1 19:36:32 2010
New Revision: 1029803

URL: http://svn.apache.org/viewvc?rev=1029803&view=rev
Log:
SLING-1857 Do not encode the resource path when used as the
returnTo path (this is done by the OpenID library). Likewise decoding
is not needed either. But before redirecting to the final target after
validating the OpenID response we have to include the request
parameters to save them (from the first request)

Modified:
    sling/trunk/bundles/auth/openid/src/main/java/org/apache/sling/auth/openid/impl/OpenIDAuthenticationHandler.java

Modified: sling/trunk/bundles/auth/openid/src/main/java/org/apache/sling/auth/openid/impl/OpenIDAuthenticationHandler.java
URL: http://svn.apache.org/viewvc/sling/trunk/bundles/auth/openid/src/main/java/org/apache/sling/auth/openid/impl/OpenIDAuthenticationHandler.java?rev=1029803&r1=1029802&r2=1029803&view=diff
==============================================================================
--- sling/trunk/bundles/auth/openid/src/main/java/org/apache/sling/auth/openid/impl/OpenIDAuthenticationHandler.java
(original)
+++ sling/trunk/bundles/auth/openid/src/main/java/org/apache/sling/auth/openid/impl/OpenIDAuthenticationHandler.java
Mon Nov  1 19:36:32 2010
@@ -19,9 +19,6 @@
 package org.apache.sling.auth.openid.impl;
 
 import java.io.IOException;
-import java.io.UnsupportedEncodingException;
-import java.net.URLDecoder;
-import java.net.URLEncoder;
 import java.net.UnknownHostException;
 import java.util.Dictionary;
 import java.util.HashMap;
@@ -323,7 +320,7 @@ public class OpenIDAuthenticationHandler
 
                     if (relyingParty.verifyAuth(user, request, response)) {
                         // authenticated
-                        response.sendRedirect(getDecodedReturnToResource(request));
+                        response.sendRedirect(getReturnToResource(request));
                         return AuthenticationInfo.DOING_AUTH;
                     }
 
@@ -350,8 +347,7 @@ public class OpenIDAuthenticationHandler
                 final String trustRoot = (realm == null) ? url : realm;
 
                 // append the resource URL to the returnTo address
-                final String returnTo = url
-                    + getEncodedReturnToResource(request);
+                final String returnTo = url + getReturnToPath(request);
 
                 if (relyingParty.associateAndAuthenticate(user, request,
                     response, trustRoot, trustRoot, returnTo)) {
@@ -796,15 +792,13 @@ public class OpenIDAuthenticationHandler
      * Returns the resource to use as the OpenID returnTo path. This resource is
      * either set as a the resource request attribute or parameter or is derived
      * from the current request (URI plus query string). Next the resource is
-     * URL encoded and prefixed with the request context path to ensure it is
-     * properly transmitted accross the OpenID redirection series.
+     * prefixed with the request context path to ensure it is properly
+     * transmitted accross the OpenID redirection series.
      *
      * @param request The request providing the returnTo URL information
-     * @return The properly encoded returnTo URL path.
-     * @throws InternalError If the platform does not support UTF-8 encoding,
-     *             which is considered a major problem..
+     * @return The properly setup returnTo URL path.
      */
-    private String getEncodedReturnToResource(final HttpServletRequest request) {
+    private String getReturnToPath(final HttpServletRequest request) {
         // find the return to parameter with optional request parameters
         String resource = getLoginResource(request, null);
         if (resource == null) {
@@ -814,48 +808,28 @@ public class OpenIDAuthenticationHandler
             }
         }
 
+        // prefix with the context path if not empty
         String prefix = request.getContextPath();
-        if (prefix.length() == 0) {
-            prefix = "/";
-        }
-
-        try {
-            return prefix + URLEncoder.encode(resource, "UTF-8");
-        } catch (UnsupportedEncodingException uee) {
-            throw new InternalError("Unexpected UnsupportedEncodingException for UTF-8");
-        }
+        return prefix.length() > 0 ? prefix.concat(resource) : resource;
     }
 
     /**
-     * Returns the decoded target URL to which the client is to be redirected.
-     * This is the path from the returnTo parameter sent on the initial OpenID
+     * Returns the target resource to which the client is to be redirected. This
+     * is the path from the returnTo parameter sent on the initial OpenID
      * redirect which has been encoded with
      * {@link #getEncodedReturnToResource(HttpServletRequest)}. Thus this method
      * must do the reverse operations, namely cutting of the request context
-     * path prefix and URL decoding the remaing part of the request URL.
+     * path prefix.
      *
      * @param request The request providing the request URL and context path
-     * @return the decoded path to which the client is be redirected after
-     *         successful OpenID authentication
-     * @throws InternalError If the platform does not support UTF-8 encoding,
-     *             which is considered a major problem..
+     * @return the path to which the client is be redirected after successful
+     *         OpenID authentication
      */
-    private String getDecodedReturnToResource(final HttpServletRequest request) {
-        String resource = request.getRequestURI();
-
-        String prefix = request.getContextPath();
-        if (prefix.length() == 0) {
-            prefix = "/";
-        }
-
-        if (resource.startsWith(prefix)) {
-            resource = resource.substring(prefix.length());
-        }
-
-        try {
-            return URLDecoder.decode(resource, "UTF-8");
-        } catch (UnsupportedEncodingException uee) {
-            throw new InternalError("Unexpected UnsupportedEncodingException for UTF-8");
+    private String getReturnToResource(final HttpServletRequest request) {
+        final String resource = request.getRequestURI();
+        if (request.getQueryString() != null) {
+            return resource + "?" + request.getQueryString();
         }
+        return resource;
     }
 }
\ No newline at end of file



Mime
View raw message