
Commit 1c22e44

committed
fixing intermediate HTML form-post on SSO #124
1 parent b67b9b7 commit 1c22e44

2 files changed

Lines changed: 39 additions & 0 deletions


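--- a/WebContent/WEB-INF/web.xml
+++ b/WebContent/WEB-INF/web.xml
@@ -9,6 +9,10 @@
 <filter-name>corsFilter</filter-name>
 <url-pattern>/oauth/*</url-pattern>
 </filter-mapping>
+<filter-mapping>
+<filter-name>clearSavedRequestFilter</filter-name>
+<url-pattern>/oauth/*</url-pattern>
+</filter-mapping>
 <filter-mapping>
 <filter-name>callbackFilter</filter-name>
 <url-pattern>/oauth/callback</url-pattern>
@@ -48,6 +52,11 @@
 <url-pattern>/saml2/*</url-pattern>
 </filter-mapping>
 
+<filter-mapping>
+<filter-name>clearSavedRequestFilter</filter-name>
+<url-pattern>/saml2/*</url-pattern>
+</filter-mapping>
+
 <filter-mapping>
 <filter-name>saml2Callback</filter-name>
 <url-pattern>/saml2/callback</url-pattern>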
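Review bot: The new `/oauth/*` mapping for `clearSavedRequestFilter` looks like a no-op, because the filter added in this commit only acts when the request URI contains `/saml2/callback`. Either drop that mapping, or extend the filter's check if the OAuth callback is also meant to discard the saved request. The SAML mapping could be narrowed to `<url-pattern>/saml2/callback</url-pattern>` so the filter runs only where it can act. The new mapping sits before `saml2Callback`, which is presumably deliberate since mapping order sets filter order; a comment such as `<!-- must precede saml2Callback so the saved request is cleared before the callback runs -->` would protect it from later reordering.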
Lines changed: 30 additions & 0 deletions
@@ -0,0 +1,30 @@
1+
package com.fuse.authentication.oauth;
2+
3+
import javax.servlet.*;
4+
import javax.servlet.annotation.WebFilter;
5+
import javax.servlet.http.HttpServletRequest;
6+
import javax.servlet.http.HttpServletResponse;
7+
import javax.servlet.http.HttpSession;
8+
9+
import org.pac4j.core.util.Pac4jConstants;
10+
11+
import java.io.IOException;
12+
13+
@WebFilter(filterName = "clearSavedRequestFilter")
14+
public class ClearSavedRequestFilter implements Filter {
15+
16+
@Override
17+
public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
18+
throws IOException, ServletException {
19+
20+
HttpServletRequest request = (HttpServletRequest) req;
21+
HttpSession session = request.getSession(false);
22+
23+
if (session != null && request.getRequestURI().contains("/saml2/callback")) {
24+
// Remove pac4j's saved original request so it won't form-POST replay it
25+
session.removeAttribute(Pac4jConstants.REQUESTED_URL);
26+
}
27+
28+
chain.doFilter(req, res);
29+
}
30+
}
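Review bot: The check `request.getRequestURI().contains("/saml2/callback")` in `doFilter` is a substring match on the raw, undecoded URI, so it fires for any path or path parameter that merely contains that text and can miss an encoded spelling of the real callback path. An exact comparison on the container-normalised path is safer, e.g. `if (session != null && "/saml2/callback".equals(request.getServletPath()))`, adding `getPathInfo()` if a servlet is mapped under `/saml2/*`. The removal is also unconditional, so a user who arrived through an ordinary GET deep link loses the post-login redirect too. If only the form-POST replay is unwanted, that trade-off should be stated in a class-level Javadoc, which the new class currently lacks.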
