root
/
spring-security
mirror of https://github.com/spring-projects/spring-security.git
1
0
Fork 0
Code Issues Actions 4 Packages Projects Releases Wiki Activity

SEC-478: Handle incorrect Base64 cookie encoding.

This commit is contained in:
Ben Alex 2007-05-23 06:45:45 +00:00
parent 5b8898c750
commit f45c0944ef
1 changed files with 4 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
core/src/main/java/org/acegisecurity/ui/rememberme/TokenBasedRememberMeServices.java
View File

@ -118,6 +118,10 @@ public class TokenBasedRememberMeServices implements RememberMeServices, Initial
if (ACEGI_SECURITY_HASHED_REMEMBER_ME_COOKIE_KEY.equals(cookies[i].getName())) { if (ACEGI_SECURITY_HASHED_REMEMBER_ME_COOKIE_KEY.equals(cookies[i].getName())) {
String cookieValue = cookies[i].getValue(); String cookieValue = cookies[i].getValue();
for (int j = 0; j < cookieValue.length() % 4; j++) {
cookieValue = cookieValue + "=";
}
if (Base64.isArrayByteBase64(cookieValue.getBytes())) { if (Base64.isArrayByteBase64(cookieValue.getBytes())) {
if (logger.isDebugEnabled()) { if (logger.isDebugEnabled()) {
logger.debug("Remember-me cookie detected"); logger.debug("Remember-me cookie detected");