I am converting a SAML XML string into base 64 encoded data and posting from a JSP to Controller in java application. For some reason when I receive the data at the server side all the '+'
chars are changed to +
and all the '='
chars are changed to =
.
Please explain what is happening there. For the time being I have written code to find any such strings to replace with +
and =
chars. Also let me know how can I stop this.
My Code and design is: testSSO.jsp -> TestServletSSO.java -> SSOController.java -> CustomRequestWrapper.java
JSP:
<html>
<title>Test page for SSO</title>
<body>
<h3>Test page for SSO</h3>
Please enter SAML in the input box below and submit the page. It will perform SSO with the application.
<form id="form1" method="post" action="testsso">
<TEXTAREA NAME="saml" id="saml" COLS=40 ROWS=6></TEXTAREA>
<input type="submit" />
</form>
</body>
</html>
TestServlet.java
package com.testsso;
import java.io.IOException;
import javax.servlet.RequestDispatcher;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
public class TestServletSSO extends HttpServlet {
/**
*
*/
private static final long serialVersionUID = 1L;
public void doPost(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
CustomRequestWrapper requestWrapper = new CustomRequestWrapper(request);
RequestDispatcher dispatcher = getServletContext().getRequestDispatcher("/sso/fetchAndRegister");
dispatcher.forward(requestWrapper, response);
}
}
SSOController.java
package com.controller;
import javax.servlet.http.HttpServletRequest;
import org.apache.commons.lang.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.authentication.AuthenticationEventPublisher;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.web.authentication.RememberMeServices;
import org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationToken;
import org.springframework.security.web.context.HttpSessionSecurityContextRepository;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.servlet.ModelAndView;
@RequestMapping("/sso")
public class SSOController {
@RequestMapping("/fetchAndRegister")
public ModelAndView fetchAndRegister(HttpServletRequest request) {
/**
* This will call CustomRequestWrapper.getHeader() method.
*/
String authHeaderStr = (String) request
.getHeader("Authorization");
System.out.println(authHeaderStr); // authHeaderStr has changed here.
UserDetails userDetails = SSOService
.fetchAndRegister(authHeaderStr);
login(request, userDetails);
return new ModelAndView("redirect:/account/eligibility");
}
CustomRequestWrapper.java:
package com.testsso;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Enumeration;
import java.util.List;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;
public class CustomRequestWrapper extends HttpServletRequestWrapper {
public CustomRequestWrapper(HttpServletRequest request) {
super(request);
}
public String getHeader(String name) {
//get the request object and cast it
HttpServletRequest request = (HttpServletRequest)getRequest();
String value = "";
if ("Authorization".equals(name)){
value = (String) request.getParameter("saml");
return value;
}
return request.getHeader(name);
}
}
I had this problem with Handlebars.
var htmlsrc64 = '{{posting.html64}}';
result:
var htmlsrc64 = '... wvZGl2Pgo=';
after changing the statement to 3 curly brackets it didn't longer escape the =
var htmlsrc64 = '{{{posting.html64}}}';
result:
var htmlsrc64 = '... wvZGl2Pgo=';
had similar problem, in my case I was updating an html component with a javacript, values in javascript and html seems not to agree on special characters.
this quick trick can help
function htmlDecode(input){
var e = document.createElement('div');
e.innerHTML = input;
return e.childNodes[0].nodeValue;
}
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With