You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cxf.apache.org by co...@apache.org on 2016/01/22 17:17:29 UTC
cxf-fediz git commit: Loosen the scheme restriction for the IdP
Repository: cxf-fediz
Updated Branches:
refs/heads/1.2.x-fixes db2f2a3ca -> fc77fdd84
Loosen the scheme restriction for the IdP
Project: http://git-wip-us.apache.org/repos/asf/cxf-fediz/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf-fediz/commit/fc77fdd8
Tree: http://git-wip-us.apache.org/repos/asf/cxf-fediz/tree/fc77fdd8
Diff: http://git-wip-us.apache.org/repos/asf/cxf-fediz/diff/fc77fdd8
Branch: refs/heads/1.2.x-fixes
Commit: fc77fdd84ab32165367516088e6a2e16b4174879
Parents: db2f2a3
Author: Colm O hEigeartaigh <co...@apache.org>
Authored: Fri Jan 22 13:58:14 2016 +0000
Committer: Colm O hEigeartaigh <co...@apache.org>
Committed: Fri Jan 22 16:17:22 2016 +0000
----------------------------------------------------------------------
.../org/apache/cxf/fediz/service/idp/beans/STSClientAction.java | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/fc77fdd8/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/beans/STSClientAction.java
----------------------------------------------------------------------
diff --git a/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/beans/STSClientAction.java b/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/beans/STSClientAction.java
index 033d5c6..fc47c23 100644
--- a/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/beans/STSClientAction.java
+++ b/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/beans/STSClientAction.java
@@ -313,8 +313,8 @@ public class STSClientAction {
(String)WebUtils.getAttributeFromFlowScope(context, FederationConstants.PARAM_REPLY);
// Validate it first using commons-validator
- String[] schemes = {"https"};
- UrlValidator urlValidator = new UrlValidator(schemes, UrlValidator.ALLOW_LOCAL_URLS);
+ UrlValidator urlValidator = new UrlValidator(UrlValidator.ALLOW_LOCAL_URLS
+ + UrlValidator.ALLOW_ALL_SCHEMES);
if (!urlValidator.isValid(wreply)) {
LOG.warn("The given wreply parameter {} is not a valid URL", wreply);
throw new ProcessingException(TYPE.BAD_REQUEST);