9 年前 · a82cab7afd
--- a/web/src/main/java/org/springframework/security/web/authentication/rememberme/AbstractRememberMeServices.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/rememberme/AbstractRememberMeServices.java
@@ -15,11 +15,7 @@
 
				  */
			
 
				 package org.springframework.security.web.authentication.rememberme;
			
 
				 
			
 
				-import java.io.UnsupportedEncodingException;
			
 
				 import java.lang.reflect.Method;
			
 
				-import java.net.URLDecoder;
			
 
				-import java.net.URLEncoder;
			
 
				-import java.nio.charset.StandardCharsets;
			
 
				 
			
 
				 import javax.servlet.http.Cookie;
			
 
				 import javax.servlet.http.HttpServletRequest;
			
@@ -230,14 +226,13 @@ public abstract class AbstractRememberMeServices implements RememberMeServices,
 
				 		String[] tokens = StringUtils.delimitedListToStringArray(cookieAsPlainText,
			
 
				 				DELIMITER);
			
 
				 
			
 
				-		for (int i = 0; i < tokens.length; i++) {
			
 
				-			try {
			
 
				-				tokens[i] = URLDecoder.decode(tokens[i], StandardCharsets.UTF_8.name());
			
 
				-			} catch (UnsupportedEncodingException uee) {
			
 
				-				throw new InvalidCookieException(
			
 
				-					"Unable to decode Cookie token using UTF-8; value was '" + tokens[i]
			
 
				-						+ "'");
			
 
				-			}
			
 
				+		if ((tokens[0].equalsIgnoreCase("http") || tokens[0].equalsIgnoreCase("https"))
			
 
				+				&& tokens[1].startsWith("//")) {
			
 
				+			// Assume we've accidentally split a URL (OpenID identifier)
			
 
				+			String[] newTokens = new String[tokens.length - 1];
			
 
				+			newTokens[0] = tokens[0] + ":" + tokens[1];
			
 
				+			System.arraycopy(tokens, 2, newTokens, 1, newTokens.length - 1);
			
 
				+			tokens = newTokens;
			
 
				 		}
			
 
				 
			
 
				 		return tokens;
			
@@ -252,13 +247,8 @@ public abstract class AbstractRememberMeServices implements RememberMeServices,
 
				 	protected String encodeCookie(String[] cookieTokens) {
			
 
				 		StringBuilder sb = new StringBuilder();
			
 
				 		for (int i = 0; i < cookieTokens.length; i++) {
			
 
				-			try {
			
 
				-				sb.append(URLEncoder.encode(cookieTokens[i], StandardCharsets.UTF_8.name()));
			
 
				-			} catch (UnsupportedEncodingException uee) {
			
 
				-				throw new InvalidCookieException(
			
 
				-					"Unable to encode Cookie token using UTF-8; value was '" + cookieTokens[i]
			
 
				-						+ "'");
			
 
				-			}
			
 
				+			sb.append(cookieTokens[i]);
			
 
				+
			
 
				 			if (i < cookieTokens.length - 1) {
			
 
				 				sb.append(DELIMITER);
			
 
				 			}
			
--- a/web/src/test/java/org/springframework/security/web/authentication/rememberme/AbstractRememberMeServicesTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/rememberme/AbstractRememberMeServicesTests.java
@@ -88,7 +88,7 @@ public class AbstractRememberMeServicesTests {
 
				 
			
 
				 	@Test
			
 
				 	public void cookieShouldBeCorrectlyEncodedAndDecoded() throws Exception {
			
 
				-		String[] cookie = new String[] { "name:with:colon", "cookie", "tokens", "blah" };
			
 
				+		String[] cookie = new String[] { "name", "cookie", "tokens", "blah" };
			
 
				 		MockRememberMeServices services = new MockRememberMeServices(uds);
			
 
				 
			
 
				 		String encoded = services.encodeCookie(cookie);
			
@@ -97,7 +97,7 @@ public class AbstractRememberMeServicesTests {
 
				 		String[] decoded = services.decodeCookie(encoded);
			
 
				 
			
 
				 		assertThat(decoded.length).isEqualTo(4);
			
 
				-		assertThat(decoded[0]).isEqualTo("name:with:colon");
			
 
				+		assertThat(decoded[0]).isEqualTo("name");
			
 
				 		assertThat(decoded[1]).isEqualTo("cookie");
			
 
				 		assertThat(decoded[2]).isEqualTo("tokens");
			
 
				 		assertThat(decoded[3]).isEqualTo("blah");