UFAL/Encoded the UTF-8 characters from the redirect URL to UTF

dspace-server-webapp/src/main/java/org/dspace/app/rest/ClarinDiscoJuiceFeedsDownloadService.java

@@ -34,7 +34,7 @@
 import org.apache.commons.lang3.ArrayUtils;
 import org.apache.commons.lang3.StringUtils;
 import org.apache.logging.log4j.Logger;
-import org.dspace.app.rest.utils.ClarinUtils;
+import org.dspace.app.rest.utils.Utils;
 import org.dspace.services.ConfigurationService;
 import org.dspace.utils.DSpace;
 import org.json.simple.JSONArray;
@@ -237,7 +237,7 @@ private static JSONArray downloadJSON(String url) {
             conn.setReadTimeout(10000);
             // Disable SSL certificate validation
             if (disableSSL && conn instanceof HttpsURLConnection) {
-                ClarinUtils.disableCertificateValidation((HttpsURLConnection) conn);
+                Utils.disableCertificateValidation((HttpsURLConnection) conn);
             }
             //Caution does not follow redirects, and even if you set it to http->https is not possible
             Object obj = parser.parse(new InputStreamReader(conn.getInputStream()));

dspace-server-webapp/src/main/java/org/dspace/app/rest/security/clarin/ClarinShibbolethLoginFilter.java

@@ -307,7 +307,12 @@ private void redirectAfterSuccess(HttpServletRequest request, HttpServletRespons
 
         if (StringUtils.equalsAnyIgnoreCase(redirectHostName, allowedHostNames.toArray(new String[0]))) {
             log.debug("Shibboleth redirecting to " + redirectUrl);
-            response.sendRedirect(redirectUrl);
+            // Encode the UTF-8 characters from redirect URL to UTF-8, to ensure it's properly encoded for the browser
+            String encodedRedirectUrl = org.dspace.app.rest.utils.Utils.encodeNonAsciiCharacters(redirectUrl);
+            if (StringUtils.isEmpty(encodedRedirectUrl)) {
+                log.error("Invalid Encoded Shibboleth redirectURL=" + redirectUrl + ". URL is empty!");
+            }
+            response.sendRedirect(encodedRedirectUrl);
         } else {
             log.error("Invalid Shibboleth redirectURL=" + redirectUrl +
                     ". URL doesn't match hostname of server or UI!");

dspace-server-webapp/src/main/java/org/dspace/app/rest/utils/Utils.java

@@ -29,6 +29,11 @@
 import java.net.MalformedURLException;
 import java.net.URL;
 import java.net.URLDecoder;
+import java.net.URLEncoder;
+import java.nio.charset.StandardCharsets;
+import java.security.KeyManagementException;
+import java.security.NoSuchAlgorithmException;
+import java.security.SecureRandom;
 import java.sql.SQLException;
 import java.util.ArrayList;
 import java.util.Arrays;
@@ -44,6 +49,10 @@
 import java.util.TreeSet;
 import java.util.UUID;
 import javax.annotation.Nullable;
+import javax.net.ssl.HttpsURLConnection;
+import javax.net.ssl.SSLContext;
+import javax.net.ssl.TrustManager;
+import javax.net.ssl.X509TrustManager;
 import javax.servlet.ServletRequest;
 import javax.servlet.http.HttpServletRequest;
 
@@ -1076,4 +1085,52 @@ private BaseObjectRest findBaseObjectRest(Context context, String apiCategory, S
             context.restoreAuthSystemState();
         }
     }
+
+    /**
+     * Disables SSL certificate validation for the given connection
+     *
+     * @param connection
+     */
+    public static void disableCertificateValidation(HttpsURLConnection connection) {
+        try {
+            // Create a TrustManager that trusts all certificates
+            TrustManager[] trustAllCerts = { new X509TrustManager() {
+                public java.security.cert.X509Certificate[] getAcceptedIssuers() {
+                    return null;
+                }
+
+                public void checkClientTrusted(java.security.cert.X509Certificate[] certs, String authType) {
+                }
+
+                public void checkServerTrusted(java.security.cert.X509Certificate[] certs, String authType) {
+                } }
+            };
+
+            // Install the TrustManager
+            SSLContext sslContext = SSLContext.getInstance("SSL");
+            sslContext.init(null, trustAllCerts, new SecureRandom());
+            connection.setSSLSocketFactory(sslContext.getSocketFactory());
+
+            // Set a HostnameVerifier that accepts all hostnames
+            connection.setHostnameVerifier((hostname, session) -> true);
+
+        } catch (NoSuchAlgorithmException | KeyManagementException e) {
+            throw new RuntimeException("Error disabling SSL certificate validation", e);
+        }
+    }
+
+    /**
+     * Function to encode only non-ASCII characters
+     */
+    public static String encodeNonAsciiCharacters(String input) {
+        StringBuilder result = new StringBuilder();
+        for (char ch : input.toCharArray()) {
+            if (!StringUtils.isAsciiPrintable(String.valueOf(ch))) { // Use Apache Commons method
+                result.append(URLEncoder.encode(String.valueOf(ch), StandardCharsets.UTF_8));
+            } else {
+                result.append(ch); // Leave ASCII characters intact
+            }
+        }
+        return result.toString();
+    }
 }

dspace-server-webapp/src/test/java/org/dspace/app/rest/ClarinDiscoJuiceFeedsControllerIT.java

@@ -22,7 +22,7 @@
 
 import org.apache.commons.lang3.StringUtils;
 import org.dspace.app.rest.test.AbstractControllerIntegrationTest;
-import org.dspace.app.rest.utils.ClarinUtils;
+import org.dspace.app.rest.utils.Utils;
 import org.dspace.services.ConfigurationService;
 import org.json.simple.parser.JSONParser;
 import org.json.simple.parser.ParseException;
@@ -64,7 +64,7 @@ public void testDiscoFeedURL() throws Exception {
 
             // Disable SSL certificate validation
             if (disableSSL && conn instanceof HttpsURLConnection) {
-                ClarinUtils.disableCertificateValidation((HttpsURLConnection) conn);
+                Utils.disableCertificateValidation((HttpsURLConnection) conn);
             }
 
             Object obj = parser.parse(new InputStreamReader(conn.getInputStream()));