Char-Whitelist-Check bei Passwort raus
diff --git a/src/main/java/org/eclipse/openk/portal/auth2/util/JwtHelper.java b/src/main/java/org/eclipse/openk/portal/auth2/util/JwtHelper.java
index 95c6579..c830013 100644
--- a/src/main/java/org/eclipse/openk/portal/auth2/util/JwtHelper.java
+++ b/src/main/java/org/eclipse/openk/portal/auth2/util/JwtHelper.java
@@ -11,6 +11,8 @@
*/
package org.eclipse.openk.portal.auth2.util;
+import java.io.*;
+import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import javax.ws.rs.core.MediaType;
import org.eclipse.openk.portal.auth2.model.JwtHeader;
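Review bot: The new `import java.io.*;` replaces the five explicit `java.io` imports that the next hunk removes, which hides which I/O types this class actually depends on and can cause name clashes later. Keeping the explicit list and adding only the one new type the change needs would be clearer: `import java.io.UnsupportedEncodingException;`.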
@@ -20,11 +22,7 @@
import org.eclipse.openk.portal.auth2.model.KeyCloakUser;
import com.google.gson.JsonSyntaxException;
import com.google.gson.reflect.TypeToken;
-import java.io.BufferedReader;
-import java.io.DataOutputStream;
-import java.io.IOException;
-import java.io.InputStream;
-import java.io.InputStreamReader;
+
import java.lang.reflect.Type;
import java.net.HttpURLConnection;
import java.net.URL;
@@ -43,10 +41,16 @@
}
public static JwtToken login(String user, String password) throws PortalInternalServerError {
- String token = sendPost(BackendConfig.getInstance().getAuthServerUrl() + "auth/realms/" +
- BackendConfig.getInstance().getKeycloakRealm() + "/protocol/openid-connect/token",
- "username=" + user + "&password=" + password + "&client_id="
- + BackendConfig.getInstance().getKeycloakClient() + "&grant_type=password");
+ String token = null;
+ try {
+ token = sendPost(BackendConfig.getInstance().getAuthServerUrl() + "auth/realms/" +
+ BackendConfig.getInstance().getKeycloakRealm() + "/protocol/openid-connect/token",
+ "username=" + user + "&password=" + URLEncoder.encode(password, "UTF-8") + "&client_id="
+ + BackendConfig.getInstance().getKeycloakClient() + "&grant_type=password");
+ } catch (UnsupportedEncodingException e) {
+ logger.error( "Unsupported Encoding Exception: ", e);
+ throw new PortalInternalServerError(e.getMessage());
+ }
return getJwtTokenFromJson(token);
}
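Review bot: `user` is still concatenated into the form body unencoded in the `sendPost` call, so a username containing `&`, `=`, `+` or `%` alters the parameters the token endpoint receives instead of being treated as data. Whether a character check still applies to the username is not visible in this diff; either way it should be encoded like the password: `"username=" + URLEncoder.encode(user, "UTF-8") + "&password=" + URLEncoder.encode(password, "UTF-8")`. The client id from `BackendConfig` is presumably operator-controlled, but encoding it as well would make the body construction uniform. Separately, the catch block passes only `e.getMessage()` to `PortalInternalServerError`, which drops the cause; whether that exception type accepts a cause is not visible here.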
@@ -162,24 +166,25 @@
private static String sendPost(String targetUrl, String urlParameters) throws PortalInternalServerError {
logger.info("sendPost");
- HttpURLConnection con = getHttpConnection(targetUrl);
+ HttpURLConnection con = getHttpConnection(targetUrl);
StringBuilder response = new StringBuilder(); // or StringBuffer if Java version 5+
try (AutoCloseable conc = con::disconnect) {
con.setRequestMethod("POST");
- con.setRequestProperty("Content-Type", "application/x-www-form-urlencoded");
+ con.setRequestProperty("Content-Type", "application/x-www-form-urlencoded; charset=utf-8");
con.setRequestProperty("Accept", MediaType.APPLICATION_JSON);
- con.setRequestProperty("Content-Length", Integer.toString(urlParameters.getBytes().length));
+ con.setRequestProperty("Content-Length", Integer.toString(urlParameters.getBytes(StandardCharsets.UTF_8.name()).length));
+
con.setInstanceFollowRedirects(false);
con.setDoOutput(true);
// Send request
try (DataOutputStream wr = new DataOutputStream(con.getOutputStream())) {
- wr.writeBytes(urlParameters);
+ wr.write(urlParameters.getBytes(StandardCharsets.UTF_8.name()));
}
// Get Response
InputStream is = con.getInputStream();
- try (BufferedReader rd = new BufferedReader(new InputStreamReader(is, "UTF-8"))) {
+ try (BufferedReader rd = new BufferedReader(new InputStreamReader(is, StandardCharsets.UTF_8.name()))) {
String line;
while ((line = rd.readLine()) != null) {
response.append(line);
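Review bot: The body is encoded twice through the `getBytes(String charsetName)` overload, once for `Content-Length` and once for the write. Encoding it once with the `Charset` overload guarantees the declared length matches the bytes sent and avoids the checked `UnsupportedEncodingException`: `byte[] body = urlParameters.getBytes(StandardCharsets.UTF_8);`, then `Integer.toString(body.length)` and `wr.write(body);`. The reader can likewise take the charset directly, `new InputStreamReader(is, StandardCharsets.UTF_8)`. Since `urlParameters` carries the password, it is worth confirming that the rest of `sendPost`, which continues outside this hunk, never logs it or puts it in an exception message.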