Properly encode the nonce in order to avoid modifications by the servlet container.
authorpastith <devnull@localhost>
Thu, 19 Feb 2009 11:50:32 +0000 (11:50 +0000)
committerpastith <devnull@localhost>
Thu, 19 Feb 2009 11:50:32 +0000 (11:50 +0000)
gss/src/gr/ebs/gss/server/Login.java
gss/src/gr/ebs/gss/server/NonceIssuer.java
gss/src/gr/ebs/gss/server/domain/Nonce.java

index 288ae14..0179e15 100644 (file)
@@ -173,6 +173,7 @@ public class Login extends HttpServlet {
                    response.addCookie(cookie);
                    response.sendRedirect(nextUrl);
                } else if (nonce != null) {
+                       nonce = URLEncoder.encode(nonce, "US-ASCII");
                        Nonce n = null;
                        try {
                                if (logger.isDebugEnabled())
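Review bot: The added `URLEncoder.encode(nonce, "US-ASCII")` only reproduces the stored value when the container handed back the exact Base64 text, and nothing on the line says why a request parameter is being re-encoded. A client that sends a bare `+` has it decoded to a space, which `URLEncoder` writes back as `+` rather than `%2B`, so a valid nonce would fail to match (inferred, since the lookup is outside the hunk). I would add a comment above the line, `// Container already URL-decoded the parameter; re-encode to match Nonce.encodedNonce`, and consider comparing the decoded bytes instead of an encoded string. The `else if` branch continues past the end of the hunk.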
index 12e5114..d3f6558 100644 (file)
@@ -35,7 +35,6 @@ import javax.servlet.http.HttpServlet;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
-import org.apache.commons.codec.binary.Base64;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 
@@ -115,11 +114,10 @@ public class NonceIssuer extends HttpServlet {
                        response.sendError(HttpServletResponse.SC_FORBIDDEN, error);
                        return;
                }
-               String nonceEncoded = new String(Base64.encodeBase64(nonce.getNonce()), "US-ASCII");
                if (logger.isDebugEnabled())
-                       logger.debug("user: "+user.getUsername()+" nonce: "+nonceEncoded);
+                       logger.debug("user: "+user.getUsername()+" nonce: "+nonce.getEncodedNonce());
                response.setContentType("text/plain");
            PrintWriter out = response.getWriter();
-           out.println(nonceEncoded);
+           out.println(nonce.getEncodedNonce());
        }
 }
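Review bot: The new debug line still writes the full nonce next to the username, so anyone who can read the log at debug level obtains a value that appears to work as a short-lived login credential. Log the username alone, e.g. `logger.debug("user: "+user.getUsername()+" nonce issued");`, or at most a shortened prefix of the nonce. `getEncodedNonce()` is also called twice and, as far as the `Nonce` hunk shows, can be null when the encoding step failed. Reading it once into a local and checking it before `out.println` would avoid sending the text `null` to the client.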
index 3864ad3..51cd950 100644 (file)
@@ -19,6 +19,7 @@
 package gr.ebs.gss.server.domain;
 
 import java.io.UnsupportedEncodingException;
+import java.net.URLEncoder;
 import java.security.SecureRandom;
 import java.util.Calendar;
 import java.util.Date;
@@ -137,7 +138,7 @@ public class Nonce {
                cal.add(Calendar.MINUTE, 5);
                n.nonceExpiryDate = cal.getTime();
                try {
-                       n.encodedNonce = new String(Base64.encodeBase64(n.nonce), "US-ASCII");
+                       n.encodedNonce = URLEncoder.encode(new String(Base64.encodeBase64(n.nonce), "US-ASCII"), "US-ASCII");
                } catch (UnsupportedEncodingException e) {
                        logger.error(e);
                }
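Review bot: The catch block logs `UnsupportedEncodingException` and carries on, which would leave `n.encodedNonce` unset and hand callers a nonce that can never be matched. US-ASCII is a charset every JVM must support, so the branch is effectively unreachable and should fail loudly instead: `throw new IllegalStateException("US-ASCII not supported", e);`. Separately, the stored value is now Base64 wrapped in percent-encoding; a URL-safe Base64 alphabet would give one canonical form without the second layer. The enclosing method starts and ends outside the hunk.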