Re: [Geoserver-devel] problem CAS extension and URL parameter without value

Wed, 26 Feb 2014 01:13:23 -0800 

Thanks Egon

Can you create a pull request on github , your changes are looking  good.

Cheers
Chrstian





On Tue, Feb 25, 2014 at 5:54 PM, Egon Amade <[email protected]> wrote:

>  Hi,
>
> This is about the CAS extension. We noticed that the retrieveService
> method in CasAuthenticationFilter.java always assumes that a key/value-pair
> (an URL parameter) has a value. See line 118 in:
>
>
> https://github.com/geoserver/geoserver/blob/master/src/extension/security/cas/src/main/java/org/geoserver/security/cas/GeoServerCasAuthenticationFilter.java
>
> The line in question:
>
>        String name = param.split("=")[0];
>        String value = param.split("=")[1];           // error if param has
> no value
>
> However, this  will result in an ArrayIndexOutOfRangeException if, for
> example a GetMap URL contains a parameter with no value, such as: "style="
>
> An example fix:
>
>       String[] keyValue = param.split("=");
>       if (keyValue.length == 0) continue;
>       String name = keyValue[0];
>       String value = (keyValue.length == 1) ? null : keyValue[1];
>
> I guess this line should be adapted as well:
>
>      buff.append(name).append("=").append(value);
>
> Why not just:
>
>      buf.append(param)
>
>
> Greetz, Egon
>
>
> ------------------------------------------------------------------------------
> Flow-based real-time traffic analytics software. Cisco certified tool.
> Monitor traffic, SLAs, QoS, Medianet, WAAS etc. with NetFlow Analyzer
> Customize your own dashboards, set traffic alerts and generate reports.
> Network behavioral analysis & security monitoring. All-in-one tool.
>
> http://pubads.g.doubleclick.net/gampad/clk?id=126839071&iu=/4140/ostg.clktrk
> _______________________________________________
> Geoserver-devel mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/geoserver-devel
>
>


-- 
DI Christian Mueller MSc (GIS), MSc (IT-Security)
OSS Open Source Solutions GmbH

------------------------------------------------------------------------------
Flow-based real-time traffic analytics software. Cisco certified tool.
Monitor traffic, SLAs, QoS, Medianet, WAAS etc. with NetFlow Analyzer
Customize your own dashboards, set traffic alerts and generate reports.
Network behavioral analysis & security monitoring. All-in-one tool.
http://pubads.g.doubleclick.net/gampad/clk?id=126839071&iu=/4140/ostg.clktrk
_______________________________________________
Geoserver-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/geoserver-devel

Reply via email to