From 0af74ce134ff9ea5473cb7af7d9f474da05827d7 Mon Sep 17 00:00:00 2001 From: Craig Andrews Date: Fri, 16 Apr 2021 11:55:30 -0400 Subject: [PATCH] Use ServletUriComponentsBuilder instead of UrlPathHelper --- .../RequestedUrlRedirectInvalidSessionStrategy.java | 11 +++-------- 1 file changed, 3 insertions(+), 8 deletions(-) diff --git a/web/src/main/java/org/springframework/security/web/session/RequestedUrlRedirectInvalidSessionStrategy.java b/web/src/main/java/org/springframework/security/web/session/RequestedUrlRedirectInvalidSessionStrategy.java index 8d573e9527..65c6f45c56 100644 --- a/web/src/main/java/org/springframework/security/web/session/RequestedUrlRedirectInvalidSessionStrategy.java +++ b/web/src/main/java/org/springframework/security/web/session/RequestedUrlRedirectInvalidSessionStrategy.java @@ -26,7 +26,7 @@ import org.apache.commons.logging.LogFactory; import org.springframework.security.web.DefaultRedirectStrategy; import org.springframework.security.web.RedirectStrategy; -import org.springframework.web.util.UrlPathHelper; +import org.springframework.web.servlet.support.ServletUriComponentsBuilder; /** * Performs a redirect to the original request URL when an invalid requested session is @@ -42,15 +42,10 @@ public final class RequestedUrlRedirectInvalidSessionStrategy implements Invalid private boolean createNewSession = true; - private final UrlPathHelper urlPathHelper = new UrlPathHelper(); - @Override public void onInvalidSessionDetected(HttpServletRequest request, HttpServletResponse response) throws IOException { - String destinationUrl = this.urlPathHelper.getOriginatingRequestUri(request); - String queryString = this.urlPathHelper.getOriginatingQueryString(request); - if (queryString != null && !queryString.equals("")) { - destinationUrl = destinationUrl + "?" + queryString; - } + String destinationUrl = ServletUriComponentsBuilder.fromRequest(request).host(null).scheme(null).port(null) + .toUriString(); this.logger.debug("Starting new session (if required) and redirecting to '" + destinationUrl + "'"); if (this.createNewSession) { request.getSession();