From fd2653f383b55da5e79cd5c65bdb0df7a56ed635 Mon Sep 17 00:00:00 2001 From: maxcooper Date: Sat, 25 Oct 2003 12:43:21 +0000 Subject: [PATCH] FIXED bug #783697: infinite loop if login or error page URIs have a query string --- .../authenticator/FormAuthenticator.java | 26 +++++++++++++++++----- 1 file changed, 20 insertions(+), 6 deletions(-) diff --git a/src/share/org/securityfilter/authenticator/FormAuthenticator.java b/src/share/org/securityfilter/authenticator/FormAuthenticator.java index aa1fe2c..2f80458 100644 --- a/src/share/org/securityfilter/authenticator/FormAuthenticator.java +++ b/src/share/org/securityfilter/authenticator/FormAuthenticator.java @@ -1,7 +1,7 @@ /* - * $Header: /cvsroot/securityfilter/securityfilter/src/share/org/securityfilter/authenticator/FormAuthenticator.java,v 1.2 2003/10/25 10:49:03 maxcooper Exp $ - * $Revision: 1.2 $ - * $Date: 2003/10/25 10:49:03 $ + * $Header: /cvsroot/securityfilter/securityfilter/src/share/org/securityfilter/authenticator/FormAuthenticator.java,v 1.3 2003/10/25 12:43:21 maxcooper Exp $ + * $Revision: 1.3 $ + * $Date: 2003/10/25 12:43:21 $ * * ==================================================================== * The SecurityFilter Software License, Version 1.1 @@ -68,7 +68,7 @@ import java.security.Principal; * FormAuthenticator - authenticator implementation for the FORM auth method. * * @author Max Cooper (max@maxcooper.com) - * @version $Revision: 1.2 $ $Date: 2003/10/25 10:49:03 $ + * @version $Revision: 1.3 $ $Date: 2003/10/25 12:43:21 $ */ public class FormAuthenticator implements Authenticator { @@ -112,11 +112,11 @@ public class FormAuthenticator implements Authenticator { // login page loginPage = securityConfig.getLoginPage(); - loginPagePattern = patternFactory.createURLPattern(loginPage, null, null, 0); + loginPagePattern = patternFactory.createURLPattern(stripQueryString(loginPage), null, null, 0); // error page errorPage = securityConfig.getErrorPage(); - errorPagePattern = patternFactory.createURLPattern(errorPage, null, null, 0); + errorPagePattern = patternFactory.createURLPattern(stripQueryString(errorPage), null, null, 0); } /** @@ -212,6 +212,20 @@ public class FormAuthenticator implements Authenticator { String requestURL = request.getMatchableURL(); return patternMatcher.match(requestURL, loginPagePattern) || patternMatcher.match(requestURL, errorPagePattern); } + + /** + * Utility method to strip the query string from a uri. + * + * @param uri + * @return uri with query string removed (if it had one) + */ + private String stripQueryString(String uri) { + int queryStart = uri.indexOf('?'); + if (queryStart != -1) { + uri = uri.substring(0, queryStart); + } + return uri; + } } // ------------------------------------------------------------------------ -- 2.11.0