From b67218c150fc8a1c4133f6388e700f44882e2d08 Mon Sep 17 00:00:00 2001 From: Jannick Weisshaupt Date: Wed, 6 Sep 2023 09:41:36 +0200 Subject: [PATCH 1/2] Fix corrupted saml2 metadata when special characters are present Closes gh-13776 --- .../saml2/provider/service/web/Saml2MetadataFilter.java | 2 +- .../saml2/provider/service/web/Saml2MetadataFilterTests.java | 2 ++ 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/web/Saml2MetadataFilter.java b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/web/Saml2MetadataFilter.java index 63d9c49d1c7..88ec142f577 100644 --- a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/web/Saml2MetadataFilter.java +++ b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/web/Saml2MetadataFilter.java @@ -104,7 +104,7 @@ private void writeMetadataToResponse(HttpServletResponse response, String regist String encodedFileName = URLEncoder.encode(fileName, StandardCharsets.UTF_8.name()); String format = "attachment; filename=\"%s\"; filename*=UTF-8''%s"; response.setHeader(HttpHeaders.CONTENT_DISPOSITION, String.format(format, fileName, encodedFileName)); - response.setContentLength(metadata.length()); + response.setContentLength(metadata.getBytes(StandardCharsets.UTF_8).length); response.setCharacterEncoding(StandardCharsets.UTF_8.name()); response.getWriter().write(metadata); } diff --git a/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/web/Saml2MetadataFilterTests.java b/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/web/Saml2MetadataFilterTests.java index 5de6effb87c..be2318430d1 100644 --- a/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/web/Saml2MetadataFilterTests.java +++ b/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/web/Saml2MetadataFilterTests.java @@ -166,6 +166,8 @@ public void doFilterWhenCharacterEncodingThenEncodeSpecialCharactersCorrectly() this.filter.doFilter(this.request, this.response, this.chain); assertThat(this.response.getCharacterEncoding()).isEqualTo(StandardCharsets.UTF_8.name()); assertThat(this.response.getContentAsString(StandardCharsets.UTF_8)).isEqualTo(generatedMetadata); + assertThat(this.response.getContentLength()).isEqualTo( + generatedMetadata.getBytes(StandardCharsets.UTF_8).length); } @Test From 664ee9a20684f39b7d74b71b8345d3e1ed2e3b6f Mon Sep 17 00:00:00 2001 From: Marcus Da Coregio Date: Mon, 25 Sep 2023 10:09:32 -0300 Subject: [PATCH 2/2] Fix formatting Issue gh-13776 --- .../saml2/provider/service/web/Saml2MetadataFilterTests.java | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/web/Saml2MetadataFilterTests.java b/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/web/Saml2MetadataFilterTests.java index be2318430d1..6bd2e19751d 100644 --- a/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/web/Saml2MetadataFilterTests.java +++ b/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/web/Saml2MetadataFilterTests.java @@ -166,8 +166,8 @@ public void doFilterWhenCharacterEncodingThenEncodeSpecialCharactersCorrectly() this.filter.doFilter(this.request, this.response, this.chain); assertThat(this.response.getCharacterEncoding()).isEqualTo(StandardCharsets.UTF_8.name()); assertThat(this.response.getContentAsString(StandardCharsets.UTF_8)).isEqualTo(generatedMetadata); - assertThat(this.response.getContentLength()).isEqualTo( - generatedMetadata.getBytes(StandardCharsets.UTF_8).length); + assertThat(this.response.getContentLength()) + .isEqualTo(generatedMetadata.getBytes(StandardCharsets.UTF_8).length); } @Test