NOJIRA tag for 3.1.8

Author: battags

cas-client-core/pom.xml

@@ -2,7 +2,7 @@
          xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
     <parent>
         <groupId>org.jasig.cas</groupId>
-        <version>3.1.5</version>
+        <version>3.1.8</version>
         <artifactId>cas-client</artifactId>
     </parent>
     <modelVersion>4.0.0</modelVersion>

cas-client-core/src/main/java/org/jasig/cas/client/authentication/AuthenticationFilter.java

@@ -87,38 +87,43 @@ public final void doFilter(final ServletRequest servletRequest, final ServletRes
         final HttpServletRequest request = (HttpServletRequest) servletRequest;
         final HttpServletResponse response = (HttpServletResponse) servletResponse;
         final HttpSession session = request.getSession(false);
-        final String ticket = request.getParameter(getArtifactParameterName());
         final String serviceUrl = constructServiceUrl(request, response);
-        final Assertion assertion = session != null ? (Assertion) session
-                .getAttribute(CONST_CAS_ASSERTION) : null;
-        final boolean wasGatewayed = this.gatewayStorage.hasGatewayedAlready(request, serviceUrl);
+        final Assertion assertion = session != null ? (Assertion) session.getAttribute(CONST_CAS_ASSERTION) : null;    
 
-        if (CommonUtils.isBlank(ticket) && assertion == null && !wasGatewayed) {
-        	final String modifiedServiceUrl;
-        	
-            log.debug("no ticket and no assertion found");
-            if (this.gateway) {
-                log.debug("setting gateway attribute in session");
-                modifiedServiceUrl = this.gatewayStorage.storeGatewayInformation(request, serviceUrl);
-            } else {
-            	modifiedServiceUrl = serviceUrl;
-            }
-            
-            if (log.isDebugEnabled()) {
-            	log.debug("Constructed service url: " + modifiedServiceUrl);
-            }
-            
-            final String urlToRedirectTo = CommonUtils.constructRedirectUrl(this.casServerLoginUrl, getServiceParameterName(), modifiedServiceUrl, this.renew, this.gateway);
+        if (assertion != null) {
+            filterChain.doFilter(request, response);
+            return;
+        }
 
-            if (log.isDebugEnabled()) {
-                log.debug("redirecting to \"" + urlToRedirectTo + "\"");
-            }
+        final String ticket = CommonUtils.safeGetParameter(request,getArtifactParameterName());
+        final boolean wasGatewayed = this.gatewayStorage.hasGatewayedAlready(request, serviceUrl);
 
-            response.sendRedirect(urlToRedirectTo);
+        if (CommonUtils.isNotBlank(ticket) || wasGatewayed) {
+            filterChain.doFilter(request, response);
             return;
         }
 
-        filterChain.doFilter(request, response);
+        final String modifiedServiceUrl;
+
+        log.debug("no ticket and no assertion found");
+        if (this.gateway) {
+            log.debug("setting gateway attribute in session");
+            modifiedServiceUrl = this.gatewayStorage.storeGatewayInformation(request, serviceUrl);
+        } else {
+            modifiedServiceUrl = serviceUrl;
+        }
+
+        if (log.isDebugEnabled()) {
+            log.debug("Constructed service url: " + modifiedServiceUrl);
+        }
+
+        final String urlToRedirectTo = CommonUtils.constructRedirectUrl(this.casServerLoginUrl, getServiceParameterName(), modifiedServiceUrl, this.renew, this.gateway);
+
+        if (log.isDebugEnabled()) {
+            log.debug("redirecting to \"" + urlToRedirectTo + "\"");
+        }
+
+        response.sendRedirect(urlToRedirectTo);
     }
 
     public final void setRenew(final boolean renew) {

cas-client-core/src/main/java/org/jasig/cas/client/session/SingleSignOutFilter.java

@@ -57,7 +57,7 @@ public void doFilter(final ServletRequest servletRequest, final ServletResponse
         final HttpServletRequest request = (HttpServletRequest) servletRequest;
 
         if ("POST".equals(request.getMethod())) {
-            final String logoutRequest = request.getParameter("logoutRequest");
+            final String logoutRequest = CommonUtils.safeGetParameter(request, "logoutRequest");
 
             if (CommonUtils.isNotBlank(logoutRequest)) {
 
@@ -87,7 +87,7 @@ public void doFilter(final ServletRequest servletRequest, final ServletResponse
                 }
             }
         } else {
-        	final String artifact = request.getParameter(this.artifactParameterName);
+        	final String artifact = CommonUtils.safeGetParameter(request, this.artifactParameterName);
             final HttpSession session = request.getSession();
 
             if (log.isDebugEnabled() && session != null) {

cas-client-core/src/main/java/org/jasig/cas/client/util/AbstractConfigurationFilter.java

@@ -38,12 +38,14 @@ protected final String getPropertyFromInitParams(final FilterConfig filterConfig
         final String value = filterConfig.getInitParameter(propertyName);
 
         if (CommonUtils.isNotBlank(value)) {
+            log.info("Property [" + propertyName + "] loaded from FilterConfig.getInitParameter with value [" + value + "]");
             return value;
         }
 
         final String value2 = filterConfig.getServletContext().getInitParameter(propertyName);
 
         if (CommonUtils.isNotBlank(value2)) {
+            log.info("Property [" + propertyName + "] loaded from ServletContext.getInitParameter with value [" + value2 + "]");
             return value2;
         }
         InitialContext context = null;
@@ -59,15 +61,18 @@ protected final String getPropertyFromInitParams(final FilterConfig filterConfig
         final String value3 = loadFromContext(context, "java:comp/env/cas/" + shortName + "/" + propertyName);
 
         if (CommonUtils.isNotBlank(value3)) {
+            log.info("Property [" + propertyName + "] loaded from JNDI Filter Specific Property with value [" + value3 + "]");
         	return value3;
         }
 
         final String value4 = loadFromContext(context, "java:comp/env/cas/" + propertyName); 
 
         if (CommonUtils.isNotBlank(value4)) {
+            log.info("Property [" + propertyName + "] loaded from JNDI with value [" + value3 + "]");
         	return value4;
         }
 
+        log.info("Property [" + propertyName + "] not found.  Using default value [" + defaultValue + "]");
         return defaultValue;
     }
 
@@ -79,7 +84,6 @@ protected final String loadFromContext(final InitialContext context, final Strin
     	try {
     		return (String) context.lookup(path);
     	} catch (final NamingException e) {
-    		log.warn("No value found in context for: '" + path + "'; Returning null.");
     		return null;
     	}
     }

cas-client-core/src/main/java/org/jasig/cas/client/util/CommonUtils.java

@@ -11,6 +11,7 @@
 
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
+import javax.servlet.ServletRequest;
 
 import java.io.IOException;
 import java.io.UnsupportedEncodingException;
@@ -138,7 +139,7 @@ public static boolean isNotBlank(final String string) {
      */
     public static final String constructRedirectUrl(final String casServerLoginUrl, final String serviceParameterName, final String serviceUrl, final boolean renew, final boolean gateway) {
         try {
-        return casServerLoginUrl + "?" + serviceParameterName + "="
+        return casServerLoginUrl + (casServerLoginUrl.indexOf("?") != -1 ? "&" : "?") + serviceParameterName + "="
                     + URLEncoder.encode(serviceUrl, "UTF-8")
                     + (renew ? "&renew=true" : "")
                     + (gateway ? "&gateway=true" : "");
@@ -147,7 +148,7 @@ public static final String constructRedirectUrl(final String casServerLoginUrl,
         }
     }
 
-    public static final void readAndRespondToProxyReceptorRequest(final HttpServletRequest request, final HttpServletResponse response, final ProxyGrantingTicketStorage proxyGrantingTicketStorage) throws IOException {
+    public static void readAndRespondToProxyReceptorRequest(final HttpServletRequest request, final HttpServletResponse response, final ProxyGrantingTicketStorage proxyGrantingTicketStorage) throws IOException {
         final String proxyGrantingTicketIou = request
         .getParameter(PARAM_PROXY_GRANTING_TICKET_IOU);
 
@@ -182,7 +183,7 @@ public static final void readAndRespondToProxyReceptorRequest(final HttpServletR
      * @param response the HttpServletResponse
      * @return the service url to use.
      */
-    public static final String constructServiceUrl(final HttpServletRequest request,
+    public static String constructServiceUrl(final HttpServletRequest request,
                                                final HttpServletResponse response, final String service, final String serverName, final String artifactParameterName, final boolean encode) {
         if (CommonUtils.isNotBlank(service)) {
             return encode ? response.encodeURL(service) : service;
@@ -236,4 +237,24 @@ public static final String constructServiceUrl(final HttpServletRequest request,
         return returnValue;
     }
 
+    /**
+     * Safe method for retrieving a parameter from the request without disrupting the reader UNLESS the parameter
+     * actually exists in the query string.
+     * <p>
+     * Note, this does not work for POST Requests for "logoutRequest".  It works for all other CAS POST requests because the
+     * parameter is ALWAYS in the GET request.
+     * <p>
+     * If we see the "logoutRequest" parameter we MUST treat it as if calling the standard request.getParameter.
+     *
+     * @param request the request to check.
+     * @param parameter the parameter to look for.
+     * @return the value of the parameter.
+     */
+    public static String safeGetParameter(final HttpServletRequest request, final String parameter) {
+        if ("POST".equals(request.getMethod()) && "logoutRequest".equals(parameter)) {
+            LOG.warn("safeGetParameter called on a POST HttpServletRequest for LogoutRequest.  Cannot complete check safely.  Reverting to standard behavior for this Parameter");
+            return request.getParameter(parameter);
+        }
+        return request.getQueryString() == null || request.getQueryString().indexOf(parameter) == -1 ? null : request.getParameter(parameter);       
+    }
 }

cas-client-core/src/main/java/org/jasig/cas/client/util/DelegatingFilter.java

@@ -14,6 +14,7 @@
 import javax.servlet.ServletException;
 import javax.servlet.ServletRequest;
 import javax.servlet.ServletResponse;
+import javax.servlet.http.HttpServletRequest;
 import java.io.IOException;
 import java.util.Iterator;
 import java.util.Map;
@@ -89,8 +90,7 @@ public void doFilter(final ServletRequest request,
                          final ServletResponse response, final FilterChain filterChain)
             throws IOException, ServletException {
 
-        final String parameter = request
-                .getParameter(this.requestParameterName);
+        final String parameter = CommonUtils.safeGetParameter((HttpServletRequest) request, this.requestParameterName);
 
         if (CommonUtils.isNotEmpty(parameter)) {
             for (final Iterator iter = this.delegators.keySet().iterator(); iter

cas-client-core/src/main/java/org/jasig/cas/client/validation/AbstractTicketValidationFilter.java

@@ -121,7 +121,7 @@ public final void doFilter(final ServletRequest servletRequest, final ServletRes
 
         final HttpServletRequest request = (HttpServletRequest) servletRequest;
         final HttpServletResponse response = (HttpServletResponse) servletResponse;
-        final String ticket = request.getParameter(getArtifactParameterName());
+        final String ticket = CommonUtils.safeGetParameter(request, getArtifactParameterName());
 
         if (CommonUtils.isNotBlank(ticket)) {
             if (log.isDebugEnabled()) {

cas-client-core/src/main/java/org/jasig/cas/client/validation/Cas20ProxyReceivingTicketValidationFilter.java

@@ -91,7 +91,7 @@ protected final TicketValidator getTicketValidator(final FilterConfig filterConf
         if (CommonUtils.isNotBlank(allowAnyProxy) || CommonUtils.isNotBlank(allowedProxyChains)) {
             final Cas20ProxyTicketValidator v = new Cas20ProxyTicketValidator(casServerUrlPrefix);
             v.setAcceptAnyProxy(parseBoolean(allowAnyProxy));
-            v.setAllowedProxyChains(new ProxyList(constructListOfProxies(allowedProxyChains)));
+            v.setAllowedProxyChains(createProxyList(allowedProxyChains));
             validator = v;
         } else {
             validator = new Cas20ServiceTicketValidator(casServerUrlPrefix);
@@ -117,17 +117,15 @@ protected final TicketValidator getTicketValidator(final FilterConfig filterConf
         return validator;
     }
 
-    protected final List constructListOfProxies(final String proxies) {
+    protected final ProxyList createProxyList(final String proxies) {
         if (CommonUtils.isBlank(proxies)) {
-            return new ArrayList();
+            return new ProxyList();
         }
 
-        final String[] splitProxies = proxies.split("\n");
-        final List items = Arrays.asList(splitProxies);
         final ProxyListEditor editor = new ProxyListEditor();
-        editor.setValue(items);
-        return (List) editor.getValue();
-    }
+        editor.setAsText(proxies);
+        return (ProxyList) editor.getValue();
+     }
 
     public void destroy() {
         super.destroy();
@@ -166,4 +164,8 @@ public void setTimer(final Timer timer) {
     public void setTimerTask(final TimerTask timerTask) {
         this.timerTask = timerTask;
     }
+
+    public void setMillisBetweenCleanUps(final int millisBetweenCleanUps) {
+        this.millisBetweenCleanUps = millisBetweenCleanUps;
+    }
 }

cas-client-core/src/main/java/org/jasig/cas/client/validation/ProxyList.java

@@ -5,6 +5,8 @@
  */
 package org.jasig.cas.client.validation;
 
+import org.jasig.cas.client.util.CommonUtils;
+
 import java.util.ArrayList;
 import java.util.List;
 import java.util.Iterator;
@@ -22,6 +24,13 @@ public final class ProxyList {
     private final List proxyChains;
 
     public ProxyList(final List proxyChains) {
+        CommonUtils.assertNotNull(proxyChains, "List of proxy chains cannot be null.");
+
+        // Assert that all entries in the list are String[]
+        for (final Iterator iter = proxyChains.iterator(); iter.hasNext();) {
+            CommonUtils.assertTrue(iter.next() instanceof String[], "Proxy chains must contain String[] items exclusively.");
+        }
+
         this.proxyChains = proxyChains;
     }
 

cas-client-core/src/main/java/org/jasig/cas/client/validation/Saml11TicketValidator.java

@@ -13,6 +13,8 @@
 import java.net.HttpURLConnection;
 import java.net.URL;
 import java.util.*;
+import java.text.DateFormat;
+import java.text.SimpleDateFormat;
 
 /**
  * TicketValidator that can understand validating a SAML artifact.  This includes the SOAP request/response.
@@ -158,8 +160,14 @@ private List getValuesFrom(final SAMLAttribute attribute) {
         return list;
     }
 
+    private static String getFormattedDateAndTime(final Date date) {
+        final DateFormat dateFormat = new SimpleDateFormat("yyyy-MM-dd'T'HH:mm:ss'Z'");
+        return dateFormat.format(date);
+    }
+
+
     protected String retrieveResponseFromServer(final URL validationUrl, final String ticket) {
-        final String MESSAGE_TO_SEND = "<SOAP-ENV:Envelope xmlns:SOAP-ENV=\"http://schemas.xmlsoap.org/soap/envelope/\"><SOAP-ENV:Header/><SOAP-ENV:Body><samlp:Request xmlns:samlp=\"urn:oasis:names:tc:SAML:1.0:protocol\"  MajorVersion=\"1\" MinorVersion=\"1\" RequestID=\"_192.168.16.51.1024506224022\" IssueInstant=\"2002-06-19T17:03:44.022Z\">"
+        final String MESSAGE_TO_SEND = "<SOAP-ENV:Envelope xmlns:SOAP-ENV=\"http://schemas.xmlsoap.org/soap/envelope/\"><SOAP-ENV:Header/><SOAP-ENV:Body><samlp:Request xmlns:samlp=\"urn:oasis:names:tc:SAML:1.0:protocol\"  MajorVersion=\"1\" MinorVersion=\"1\" RequestID=\"" + UUID.randomUUID().toString() + "\" IssueInstant=\"" + getFormattedDateAndTime(new Date()) + "\">"
                 + "<samlp:AssertionArtifact>" + ticket
                 + "</samlp:AssertionArtifact></samlp:Request></SOAP-ENV:Body></SOAP-ENV:Envelope>";