From 05d6582b94afc5beb78a6384f7d512a2582ebf0b Mon Sep 17 00:00:00 2001
From: chasegawa <chasegawa@unicon.net>
Date: Fri, 7 May 2021 16:37:33 -0700
Subject: [PATCH] SHIBUI-1863

Added allow doubleslash in encoded urls
---
 .../admin/ui/configuration/auto/WebSecurityConfig.java     | 7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)

diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/configuration/auto/WebSecurityConfig.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/configuration/auto/WebSecurityConfig.java
index cc6847621..f75f323be 100644
--- a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/configuration/auto/WebSecurityConfig.java
+++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/configuration/auto/WebSecurityConfig.java
@@ -49,15 +49,14 @@ public class WebSecurityConfig {
     @Autowired
     private RoleRepository roleRepository;
 
-    @Bean
-    public HttpFirewall allowUrlEncodedSlashHttpFirewall() {
+    private HttpFirewall allowUrlEncodedSlashHttpFirewall() {
         StrictHttpFirewall firewall = new StrictHttpFirewall();
         firewall.setAllowUrlEncodedSlash(true);
+        firewall.setAllowUrlEncodedDoubleSlash(true);
         return firewall;
     }
 
-    @Bean
-    public HttpFirewall defaultFirewall() {
+    private HttpFirewall defaultFirewall() {
         return new DefaultHttpFirewall();
     }