import java.io.IOException;
import java.io.PrintWriter;
import java.io.UnsupportedEncodingException;
-import java.net.URL;
+import java.net.URI;
+import java.net.URISyntaxException;
import java.net.URLEncoder;
import java.util.Formatter;
Object snAttr = request.getAttribute("HTTP_SHIB_PERSON_SURNAME"); // Multi-valued
Object mailAttr = request.getAttribute("HTTP_SHIB_INETORGPERSON_MAIL"); // Multi-valued
Object userclassAttr = request.getAttribute("HTTP_SHIB_EP_UNSCOPEDAFFILIATION"); // Multi-valued
+ // Use a configured test username if found, as a shortcut for development deployments.
+ if (getConfiguration().getString("testUsername") != null)
+ usernameAttr = getConfiguration().getString("testUsername");
if (usernameAttr == null) {
String authErrorUrl = "authenticationError.jsp";
authErrorUrl += "?name=" + (nameAttr==null? "-": nameAttr.toString());
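Review bot: The added `testUsername` override replaces `usernameAttr` unconditionally, so if that key is ever left in a production configuration, every request appears to be treated as that one account, whatever Shibboleth asserted. Nothing in the hunk restricts the shortcut to development deployments or records that it fired. At minimum, read the value once and log it loudly: `String testUsername = getConfiguration().getString("testUsername");` then `if (testUsername != null) { logger.warn("testUsername override active, Shibboleth identity ignored"); usernameAttr = testUsername; }`. Better still, gate it on an explicit development-mode setting so the key alone cannot enable it. The enclosing method starts and ends outside this hunk, so how `usernameAttr` is populated and later used is inferred from the visible lines.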
String userEncoded = URLEncoder.encode(user.getUsername(), "US-ASCII");
if (logger.isDebugEnabled())
logger.debug("user: "+userEncoded+" token: "+tokenEncoded);
- if (nextUrl != null) {
- URL next = new URL(nextUrl);
+ if (nextUrl != null && !nextUrl.isEmpty()) {
+ URI next;
+ try {
+ next = new URI(nextUrl);
+ } catch (URISyntaxException e) {
+ response.sendError(HttpServletResponse.SC_BAD_REQUEST, e.getMessage());
+ return;
+ }
String domain = next.getHost();
String path = next.getPath();
Cookie cookie = new Cookie(AUTH_COOKIE, userEncoded + COOKIE_SEPARATOR +