diff --git a/openid-connect-client/src/main/java/org/mitre/openid/connect/client/AbstractOIDCAuthenticationFilter.java b/openid-connect-client/src/main/java/org/mitre/openid/connect/client/AbstractOIDCAuthenticationFilter.java index 80cf6e118..0ad1c3211 100644 --- a/openid-connect-client/src/main/java/org/mitre/openid/connect/client/AbstractOIDCAuthenticationFilter.java +++ b/openid-connect-client/src/main/java/org/mitre/openid/connect/client/AbstractOIDCAuthenticationFilter.java @@ -18,10 +18,13 @@ package org.mitre.openid.connect.client; import java.io.IOException; import java.io.UnsupportedEncodingException; import java.math.BigInteger; +import java.net.URI; +import java.net.URISyntaxException; import java.net.URLEncoder; import java.security.PublicKey; import java.security.SecureRandom; import java.security.interfaces.RSAPublicKey; +import java.util.ArrayList; import java.util.Arrays; import java.util.Date; import java.util.Enumeration; @@ -35,8 +38,12 @@ import javax.servlet.http.HttpServletResponse; import javax.servlet.http.HttpSession; import org.apache.commons.lang.StringUtils; +import org.apache.http.NameValuePair; import org.apache.http.client.HttpClient; +import org.apache.http.client.utils.URIUtils; +import org.apache.http.client.utils.URLEncodedUtils; import org.apache.http.impl.client.DefaultHttpClient; +import org.apache.http.message.BasicNameValuePair; import org.mitre.jwt.model.JwtClaims; import org.mitre.jwt.signer.JwsAlgorithm; import org.mitre.jwt.signer.JwtSigner; @@ -46,6 +53,7 @@ import org.mitre.jwt.signer.service.impl.JwtSigningAndValidationServiceDefault; import org.mitre.key.fetch.KeyFetcher; import org.mitre.openid.connect.config.OIDCServerConfiguration; import org.mitre.openid.connect.model.IdToken; +import org.springframework.http.HttpMethod; import org.springframework.http.client.HttpComponentsClientHttpRequestFactory; import org.springframework.security.authentication.AuthenticationServiceException; import org.springframework.security.core.Authentication; @@ -60,6 +68,7 @@ import org.springframework.web.client.RestTemplate; import com.google.gson.JsonElement; import com.google.gson.JsonObject; import com.google.gson.JsonParser; +import com.sun.xml.ws.mex.client.schema.GetMetadata; /** * Abstract OpenID Connect Authentication Filter class @@ -97,10 +106,12 @@ public class AbstractOIDCAuthenticationFilter extends public static String buildRedirectURI(HttpServletRequest request, String[] ignoreFields) { List ignore = (ignoreFields != null) ? Arrays.asList(ignoreFields) : null; - + boolean isFirst = true; StringBuffer sb = request.getRequestURL(); + List queryparams = new ArrayList(); + for (Enumeration e = request.getParameterNames(); e.hasMoreElements();) { @@ -115,21 +126,23 @@ public class AbstractOIDCAuthenticationFilter extends if (value == null) { continue; } + + queryparams.add(new BasicNameValuePair(name,value)); - if (isFirst) { - sb.append("?"); - isFirst = false; - } + //if (isFirst) { + // sb.append("?"); + // isFirst = false; + //} - sb.append(name).append("=").append(value); + //sb.append(name).append("=").append(value); - if (e.hasMoreElements()) { - sb.append("&"); - } + //if (e.hasMoreElements()) { + // sb.append("&"); + //} } + } - - return sb.toString(); + return sb.append("?").append(URLEncodedUtils.format(queryparams, "UTF-8")).toString(); } /** @@ -147,28 +160,15 @@ public class AbstractOIDCAuthenticationFilter extends * parameters. */ public static String buildURL(String baseURI, Map queryStringFields) { -// TODO: replace this with URIUtils call StringBuilder URLBuilder = new StringBuilder(baseURI); - + List queryparams = new ArrayList(); char appendChar = '?'; - - for (Map.Entry param : queryStringFields.entrySet()) { - - try { - - URLBuilder.append(appendChar) - .append(param.getKey()) - .append('=') - .append(URLEncoder.encode(param.getValue(), "UTF-8")); - - } catch (UnsupportedEncodingException uee) { - - throw new IllegalStateException(uee); - - } - - appendChar = '&'; + + // build a NameValuePair list for the query paramaters + for (Map.Entry param : queryStringFields.entrySet()){ + queryparams.add(new BasicNameValuePair(param.getKey(),param.getValue())); } + URLBuilder.append(appendChar).append(URLEncodedUtils.format(queryparams, "UTF-8")); return URLBuilder.toString(); }