Add review suggestions

Author: HasiniSama

identity-apps-core/apps/authentication-portal/src/main/webapp/basicauth.jsp

@@ -302,7 +302,7 @@
     String resendUsername = request.getParameter("resend_username");
     String spProp = "sp";
     String spIdProp = "spId";
-    String sp = request.getParameter("sp");
+    String sp = Encode.forJava(request.getParameter("sp"));
     String spId = "";
 
     try {
@@ -567,8 +567,7 @@
             String urlWithoutEncoding = null;
             try {
                 ApplicationDataRetrievalClient applicationDataRetrievalClient = new ApplicationDataRetrievalClient();
-                urlWithoutEncoding = applicationDataRetrievalClient.getApplicationAccessURL(tenantDomain,
-                        request.getParameter("sp"));
+                urlWithoutEncoding = applicationDataRetrievalClient.getApplicationAccessURL(tenantDomain, sp);
             } catch (ApplicationDataRetrievalClientException e) {
                 //ignored and fallback to login page url
             }
@@ -578,11 +577,11 @@
                 String serverName = request.getServerName();
                 int serverPort = request.getServerPort();
                 String uri = (String) request.getAttribute(JAVAX_SERVLET_FORWARD_REQUEST_URI);
-                String prmstr = URLDecoder.decode(((String) request.getAttribute(JAVAX_SERVLET_FORWARD_QUERY_STRING)), UTF_8);
+                String paramStr = URLDecoder.decode(((String) request.getAttribute(JAVAX_SERVLET_FORWARD_QUERY_STRING)), UTF_8);
                 if ((scheme == "http" && serverPort == HttpURL.DEFAULT_PORT) || (scheme == "https" && serverPort == HttpsURL.DEFAULT_PORT)) {
-                    urlWithoutEncoding = scheme + "://" + serverName + uri + "?" + prmstr;
+                    urlWithoutEncoding = scheme + "://" + serverName + uri + "?" + paramStr;
                 } else {
-                    urlWithoutEncoding = scheme + "://" + serverName + ":" + serverPort + uri + "?" + prmstr;
+                    urlWithoutEncoding = scheme + "://" + serverName + ":" + serverPort + uri + "?" + paramStr;
                 }
             }
             urlWithoutEncoding = IdentityManagementEndpointUtil.replaceUserTenantHintPlaceholder(

identity-apps-core/components/org.wso2.identity.apps.common/src/test/java/org/wso2/identity/apps/common/listener/AppPortalRoleManagementListenerTest.java

@@ -105,7 +105,9 @@ public void tearDown() throws Exception {
 
     @DataProvider(name = "preUpdateUserListOfRoleDataProvider")
     public Object[][] preUpdateUserListOfRoleDataProvider() {
-        return new Object[][]{
+
+        return new Object[][] {
+            
             // Test case where deletedUserIDList == null.
             {roleId, Collections.emptyList(), null, tenantDomain, isAdminRole, !isOrganization, adminUserId},
 
@@ -143,7 +145,7 @@ public void testPreUpdateUserListOfRole(String roleId, List<String> newUserIDLis
         when(roleManagementService.getRoleBasicInfoById(roleId, tenantDomain)).thenReturn(role);
         setRoleAttributes(isAdminRole);
 
-        // Call the method.
+        // Invoke pre-update method for updating the user list of a role.
         if (!isAdminRole || deletedUserIDList == null || isOrganization || !deletedUserIDList.contains(adminUserId)) {
             appPortalRoleManagementListener.preUpdateUserListOfRole(roleId, newUserIDList, deletedUserIDList,
                 tenantDomain);