You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cloudstack.apache.org by sa...@apache.org on 2015/01/13 10:34:46 UTC

[2/7] git commit: updated refs/heads/vmware-disk-controllers to 06d4458

CLOUDSTACK-8037: URL encode cookie values with UTF8 as per version 1

As per Version 1 cookies, certain characters are now allowed such as space,
colons etc but they should be url encoded using UTF8 encoding. The frontend
has a cookie value unboxing method that removes any double quotes that are added.

As per the doc http://download.oracle.com/javase/6/docs/api/java/net/URLEncoder.html
values are application/x-www-form-urlencoded and as per
http://www.w3.org/TR/html4/interact/forms.html#h-17.13.4 whitespaces are encoded
as +, therefore '+' are replaced by %20 (whitespace).

Signed-off-by: Rohit Yadav <ro...@shapeblue.com>
(cherry picked from commit 734bd70173c36508f0fc13a30c3aa8006814c019)
Signed-off-by: Rohit Yadav <ro...@shapeblue.com>


Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo
Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/173710d5
Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/173710d5
Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/173710d5

Branch: refs/heads/vmware-disk-controllers
Commit: 173710d5b48d1a34996f15c3ff1bd80938639b94
Parents: 0b94f25
Author: Rohit Yadav <ro...@shapeblue.com>
Authored: Mon Jan 12 13:56:25 2015 +0530
Committer: Rohit Yadav <ro...@shapeblue.com>
Committed: Mon Jan 12 14:03:09 2015 +0530

----------------------------------------------------------------------
 .../api/command/SAML2LoginAPIAuthenticatorCmd.java           | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cloudstack/blob/173710d5/plugins/user-authenticators/saml2/src/org/apache/cloudstack/api/command/SAML2LoginAPIAuthenticatorCmd.java
----------------------------------------------------------------------
diff --git a/plugins/user-authenticators/saml2/src/org/apache/cloudstack/api/command/SAML2LoginAPIAuthenticatorCmd.java b/plugins/user-authenticators/saml2/src/org/apache/cloudstack/api/command/SAML2LoginAPIAuthenticatorCmd.java
index 913c1ae..e1ccc02 100644
--- a/plugins/user-authenticators/saml2/src/org/apache/cloudstack/api/command/SAML2LoginAPIAuthenticatorCmd.java
+++ b/plugins/user-authenticators/saml2/src/org/apache/cloudstack/api/command/SAML2LoginAPIAuthenticatorCmd.java
@@ -270,14 +270,14 @@ public class SAML2LoginAPIAuthenticatorCmd extends BaseCmd implements APIAuthent
                     try {
                         if (_apiServer.verifyUser(user.getId())) {
                             LoginCmdResponse loginResponse = (LoginCmdResponse) _apiServer.loginUser(session, username, user.getPassword(), domainId, null, remoteAddress, params);
-                            resp.addCookie(new Cookie("userid", loginResponse.getUserId()));
-                            resp.addCookie(new Cookie("domainid", loginResponse.getDomainId()));
-                            resp.addCookie(new Cookie("role", loginResponse.getType()));
+                            resp.addCookie(new Cookie("userid", URLEncoder.encode(loginResponse.getUserId(), HttpUtils.UTF_8)));
+                            resp.addCookie(new Cookie("domainid", URLEncoder.encode(loginResponse.getDomainId(), HttpUtils.UTF_8)));
+                            resp.addCookie(new Cookie("role", URLEncoder.encode(loginResponse.getType(), HttpUtils.UTF_8)));
                             resp.addCookie(new Cookie("username", URLEncoder.encode(loginResponse.getUsername(), HttpUtils.UTF_8)));
                             resp.addCookie(new Cookie("sessionKey", URLEncoder.encode(loginResponse.getSessionKey(), HttpUtils.UTF_8)));
                             resp.addCookie(new Cookie("account", URLEncoder.encode(loginResponse.getAccount(), HttpUtils.UTF_8)));
                             resp.addCookie(new Cookie("timezone", URLEncoder.encode(loginResponse.getTimeZone(), HttpUtils.UTF_8)));
-                            resp.addCookie(new Cookie("userfullname", loginResponse.getFirstName() + "%20" + loginResponse.getLastName()));
+                            resp.addCookie(new Cookie("userfullname", URLEncoder.encode(loginResponse.getFirstName() + " " + loginResponse.getLastName(), HttpUtils.UTF_8).replace("+", "%20")));
                             resp.sendRedirect(_configDao.getValue(Config.SAMLCloudStackRedirectionUrl.key()));
                             return ApiResponseSerializer.toSerializedString(loginResponse, responseType);