OPENAM-6373

craigmcdonnell · craigmcdonnell · commit 42e6f052c417 · 2016-01-11T19:19:32.000Z
diff --git a/openam-core/src/main/java/com/sun/identity/authentication/client/AuthClientUtils.java b/openam-core/src/main/java/com/sun/identity/authentication/client/AuthClientUtils.java
@@ -28,6 +28,8 @@
  */
 package com.sun.identity.authentication.client;
 
+import static java.util.Arrays.asList;
+
 import com.iplanet.am.util.AMClientDetector;
 import com.iplanet.am.util.SystemProperties;
 import com.iplanet.dpro.session.SessionException;
@@ -91,7 +93,6 @@
 import java.net.URLDecoder;
 import java.security.AccessController;
 import java.util.ArrayList;
-import java.util.Arrays;
 import java.util.Collections;
 import java.util.Enumeration;
 import java.util.HashMap;
@@ -100,6 +101,7 @@
 import java.util.Iterator;
 import java.util.List;
 import java.util.Map;
+import java.util.Objects;
 import java.util.ResourceBundle;
 import java.util.Set;
 import java.util.StringTokenizer;
@@ -333,7 +335,7 @@ protected AuthClientUtils() {
     private static List<String> getHeaderNameListForProperty(String property) {
         String value = SystemProperties.get(property);
         if (value != null) {
-            return Arrays.asList(value.toLowerCase().split(","));
+            return asList(value.toLowerCase().split(","));
         }
         return Collections.EMPTY_LIST;
     }
@@ -2529,8 +2531,9 @@ public static Map<String, Object> sendAuthRequestToOrigServer(HttpServletRequest
             // If we don't do this the server might going to deny the request because of invalid domain access.
             conn.setRequestProperty("Host", request.getHeader("host"));
 
+            List<Cookie> cookies = removeLocalLoadBalancingCookie(asList(request.getCookies()));
             // replay cookies
-            strCookies = getCookiesString(request);
+            strCookies = getCookiesString(cookies);
             if (strCookies != null) {
                 if (utilDebug.messageEnabled()) {
                     utilDebug.message("Sending cookies : " + strCookies);
@@ -2573,7 +2576,7 @@ public static Map<String, Object> sendAuthRequestToOrigServer(HttpServletRequest
                     if (queryParams.containsKey(entry.getKey())) {
                         // TODO: do we need to care about params that can be both in GET and POST?
                     } else {
-                        postParams.put(entry.getKey(), new HashSet<String>(Arrays.asList(entry.getValue())));
+                        postParams.put(entry.getKey(), new HashSet<String>(asList(entry.getValue())));
                     }
                 }
 
@@ -2677,6 +2680,22 @@ public static Map<String, Object> sendAuthRequestToOrigServer(HttpServletRequest
         return origRequestData;
     }
 
+    /**
+     * Filter the load balancing cookie if it points to this server to avoid potential infinite redirect loop.
+     */
+    private static List<Cookie> removeLocalLoadBalancingCookie(final List<Cookie> cookies) {
+        final String lblCookieName = getlbCookieName();
+        final String lblCookieValue = getlbCookieValue();
+        final List<Cookie> filteredCookies = new ArrayList<>();
+        for (final Cookie cookie : cookies) {
+            if (!Objects.equals(cookie.getName(), lblCookieName)
+                    && !Objects.equals(cookie.getValue(), lblCookieValue)) {
+                filteredCookies.add(cookie);
+            }
+        }
+        return filteredCookies;
+    }
+
     private static boolean isSameServer(URL url1, URL url2) {
         int port1 = url1.getPort() != -1 ? url1.getPort() : url1.getDefaultPort();
         int port2 = url2.getPort() != -1 ? url2.getPort() : url2.getDefaultPort();
@@ -2736,25 +2755,21 @@ private static String getFormData(Map<String, Set<String>> params) {
     }
 
     // Get cookies string from HTTP request object
-    private static String getCookiesString(HttpServletRequest request) {
-        Cookie cookies[] = request.getCookies();
+    private static String getCookiesString(List<Cookie> cookies) {
         StringBuilder cookieStr = null;
         String strCookies = null;
         // Process Cookies
         if (cookies != null) {
-            for (int nCookie = 0; nCookie < cookies.length; nCookie++) {
+            for (final Cookie cookie : cookies) {
                 if (utilDebug.messageEnabled()) {
-                    utilDebug.message("Cookie name='{}', value='{}'",
-                            cookies[nCookie].getName(), cookies[nCookie].getValue());
+                    utilDebug.message("Cookie name='{}', value='{}'", cookie.getName(), cookie.getValue());
                 }
                 if (cookieStr == null) {
                     cookieStr = new StringBuilder();
                 } else {
                     cookieStr.append(";");
                 }
-                cookieStr.append(cookies[nCookie].getName())
-                .append("=")
-                .append(cookies[nCookie].getValue());
+                cookieStr.append(cookie.getName()).append("=").append(cookie.getValue());
             }
         }
         if (cookieStr != null) {
