Redirect URL has ticket parameter appended after fragment identifier

Description

The service redirect that occurs after a successful login currently appends the ticket parameter after the URL fragment identifier (#fragment_identifier), if one exists. This creates a problem for JavaScript applications that use fragment identifiers for navigation (as is done in GWT, Gmail, etc.).

Example:
After authentication this link:
http://en.wikipedia.org/wiki/Fragment_identifier#Processing
should be:
http://en.wikipedia.org/wiki/Fragment_identifier?ticket=2jk4hfg8h923fh3#Processing
rather than:
http://en.wikipedia.org/wiki/Fragment_identifier#Processing?ticket=2jk4hfg8h923fh3

Possible Fix:

package org.jasig.cas.authentication.principal;

import java.net.URLEncoder;
import java.util.Map;

public final class Response {
    ...
    public static Response getRedirectResponse(final String url,
            final Map<String, String> parameters) {
        final StringBuilder builder = new StringBuilder(
                parameters.size() * 40 + 100);
        boolean isFirst = true;

        // Split off the fragment so parameters land in the query, not after the '#'.
        final String[] urlAndFragment = url.split("#", 2);
        builder.append(urlAndFragment[0]);

        for (final Map.Entry<String, String> entry : parameters.entrySet()) {
            if (entry.getValue() != null) {
                if (isFirst) {
                    // Look for an existing query only in the part before the
                    // fragment; a '?' inside the fragment must not count.
                    builder.append(urlAndFragment[0].contains("?") ? "&" : "?");
                    isFirst = false;
                } else {
                    builder.append("&");
                }
                builder.append(entry.getKey());
                builder.append("=");

                try {
                    builder.append(URLEncoder.encode(entry.getValue(), "UTF-8"));
                } catch (final Exception e) {
                    // UTF-8 is always available, so this fallback is not expected
                    // to run; it appends the value unencoded.
                    builder.append(entry.getValue());
                }
            }
        }

        // Re-attach the fragment last, after the query string.
        if (urlAndFragment.length > 1) {
            builder.append("#");
            builder.append(urlAndFragment[1]);
        }

        return new Response(ResponseType.REDIRECT, builder.toString(), parameters);
    }
    ...
}
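
Added example, not part of the original report and not CAS code: how a standard WHATWG URL parser (browsers, Node.js) splits the two redirects from the report, and what the service receives in each case, since user agents do not send the fragment in the HTTP request. The function names and the app.example.org URL are assumptions made for illustration.

```javascript
// Report where the ticket sits once the redirect URL has been parsed.
function locateTicket(redirectUrl) {
  const u = new URL(redirectUrl);
  const fragment = u.hash.slice(1);
  const fromQuery = u.searchParams.get('ticket');
  if (fromQuery !== null) {
    return { where: 'query', ticket: fromQuery, fragment };
  }
  // Everything after the first '#' is fragment: it stays in the browser
  // (location.hash) and is not part of the request sent to the service.
  const m = /[?&]ticket=([^&#]*)/.exec(u.hash);
  if (m) {
    return { where: 'fragment', ticket: m[1], fragment };
  }
  return { where: 'absent', ticket: null, fragment };
}

// The request target the service sees: path plus query, never the fragment.
function requestTarget(redirectUrl) {
  const u = new URL(redirectUrl);
  return u.pathname + u.search;
}

// Append parameters to the query component so the fragment stays last.
// Note: touching searchParams re-serializes the existing query string in
// application/x-www-form-urlencoded form (for example %20 becomes +).
function appendBeforeFragment(serviceUrl, params) {
  const u = new URL(serviceUrl);
  for (const [key, value] of Object.entries(params)) {
    if (value != null) u.searchParams.append(key, value);
  }
  return u.toString();
}

// The two redirect URLs from the report above.
const REPORT_URLS = [
  'http://en.wikipedia.org/wiki/Fragment_identifier?ticket=2jk4hfg8h923fh3#Processing',
  'http://en.wikipedia.org/wiki/Fragment_identifier#Processing?ticket=2jk4hfg8h923fh3',
];
for (const url of REPORT_URLS) {
  const r = locateTicket(url);
  console.log(`${r.where.padEnd(8)} server sees ${requestTarget(url)}  fragment="${r.fragment}"`);
}
```

With the ticket after the fragment, the service receives a request with no ticket parameter to validate, and the application's fragment-based router receives `Processing?ticket=...` instead of `Processing`.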

Environment

None

Assignee

ScottS

Reporter

Jon Adams

Labels

None

Estimated End Date

None

Components

Fix versions

Priority

Minor