Commit 2e8eae3d authored by Mauro Bartolomeoli's avatar Mauro Bartolomeoli
Browse files

GEOS-6909: let authkey parameter name be case insensitive

parent 265b42f2
......@@ -9,6 +9,8 @@ package org.geoserver.security;
import java.io.IOException;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Enumeration;
import java.util.Map;
import java.util.logging.Level;
import javax.servlet.FilterChain;
......@@ -170,18 +172,35 @@ public class GeoServerAuthenticationKeyFilter extends GeoServerSecurityFilter
roles.add(GeoServerRole.AUTHENTICATED_ROLE);
KeyAuthenticationToken result = new KeyAuthenticationToken(authKey, authKeyParamName,user, roles);
SecurityContextHolder.getContext().setAuthentication(result);
SecurityContextHolder.getContext().setAuthentication(result);
}
public String getAuthKey(HttpServletRequest req) {
String authKey=req.getParameter(getAuthKeyParamName());
String authKey=getAuthKeyParamValue(req);
if (StringUtils.hasLength(authKey)==false)
return null;
return authKey;
}
/**
* Extracts authkey value from the request.
*
* @param req
* @return
*/
private String getAuthKeyParamValue(HttpServletRequest req) {
String keyParamName = getAuthKeyParamName();
for (Enumeration<String> a = req.getParameterNames(); a.hasMoreElements();) {
String paramName = a.nextElement();
if (keyParamName.equalsIgnoreCase(paramName)) {
return req.getParameter(paramName);
}
}
return null;
}
/**
* The cache key is the authentication key (global identifier)
......
......@@ -249,4 +249,16 @@ public class AuthencationKeyOWSTest extends GeoServerSystemTestSupport {
String url = engine.evaluate("//wfs:FeatureCollection/@xsi:schemaLocation", doc);
assertTrue(url.contains("&authkey=" + citeKey));
}
@Test
public void testCiteGetFeatureCaseInsensitive() throws Exception {
Document doc = getAsDOM("wfs?service=WFS&version=1.0.0&request=GetFeature&typeName="
+ getLayerId(MockData.PONDS) + "&AUTHKEY=" + citeKey);
// print(doc);
assertXpathEvaluatesTo("1", "count(//wfs:FeatureCollection)", doc);
XpathEngine engine = XMLUnit.newXpathEngine();
String url = engine.evaluate("//wfs:FeatureCollection/@xsi:schemaLocation", doc);
assertTrue(url.contains("&authkey=" + citeKey));
}
}
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment