From 6e575ed4a646fe69cb1151406b9408755524154c Mon Sep 17 00:00:00 2001 From: "k.triantafyllou" Date: Thu, 25 Nov 2021 14:09:51 +0200 Subject: [PATCH] Encode redirect URL before send it to AAI --- .../security/oidc/OpenAIRELogoutSuccessHandler.java | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/src/main/java/eu/dnetlib/loginservice/security/oidc/OpenAIRELogoutSuccessHandler.java b/src/main/java/eu/dnetlib/loginservice/security/oidc/OpenAIRELogoutSuccessHandler.java index f880ac9..31acd9f 100644 --- a/src/main/java/eu/dnetlib/loginservice/security/oidc/OpenAIRELogoutSuccessHandler.java +++ b/src/main/java/eu/dnetlib/loginservice/security/oidc/OpenAIRELogoutSuccessHandler.java @@ -10,6 +10,9 @@ import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import javax.servlet.http.HttpSession; import java.io.IOException; +import java.io.UnsupportedEncodingException; +import java.net.URLEncoder; +import java.nio.charset.StandardCharsets; @Configuration public class OpenAIRELogoutSuccessHandler implements LogoutSuccessHandler { @@ -21,6 +24,10 @@ public class OpenAIRELogoutSuccessHandler implements LogoutSuccessHandler { this.properties = properties; } + private String encodeValue(String value) throws UnsupportedEncodingException { + return URLEncoder.encode(value, StandardCharsets.UTF_8.toString()); + } + @Override public void onLogoutSuccess(HttpServletRequest request, HttpServletResponse response, Authentication authentication) throws IOException { HttpSession session = request.getSession(); @@ -30,6 +37,6 @@ public class OpenAIRELogoutSuccessHandler implements LogoutSuccessHandler { redirect = properties.getRedirect(); } session.invalidate(); - response.sendRedirect(properties.getOidc().getLogout() + redirect); + response.sendRedirect(properties.getOidc().getLogout() + encodeValue(redirect)); } }