private String getReturnTo(String spDestination, HttpSession httpSession) throws UnsupportedEncodingException { // generate nonce for protection against CSRF NonceGenerator _consumerNonceGenerator = new IncrementalNonceGenerator(); String nonce = _consumerNonceGenerator.next(); // add to "return_to" String returnTo = spDestination; returnTo += (returnTo.indexOf('?') != -1) ? '&' : '?'; returnTo += RETURN_TO_NONCE_PARAM + "=" + URLEncoder.encode(nonce, "UTF-8"); // store return_to on session for response validation httpSession.setAttribute(RETURN_TO_SESSION_ATTRIBUTE, returnTo); return returnTo; }
String nonce = _consumerNonceGenerator.next();
String nonce = _consumerNonceGenerator.next();
String nonce = _consumerNonceGenerator.next();
String nonce = _consumerNonceGenerator.next();
String nonce = _consumerNonceGenerator.next();
String nonce = _nonceGenerator.next();
String nonce = _nonceGenerator.next();
opEndpoint, claimed, id, !isVersion2, authReq.getReturnTo(), isVersion2 ? _nonceGenerator.next() : null, invalidateHandle, assoc, false);
opEndpoint, claimed, id, !isVersion2, authReq.getReturnTo(), isVersion2 ? _nonceGenerator.next() : null, invalidateHandle, assoc, false);
opEndpoint, claimed, id, !isVersion2, authReq.getReturnTo(), isVersion2 ? _nonceGenerator.next() : null, invalidateHandle, assoc, false);
opEndpoint, claimed, id, !isVersion2, authReq.getReturnTo(), isVersion2 ? _nonceGenerator.next() : null, invalidateHandle, assoc, false);
opEndpoint, claimed, id, !isVersion2, authReq.getReturnTo(), isVersion2 ? _nonceGenerator.next() : null, invalidateHandle, assoc, false);