SEC-443: Provide useRelativeContext property.

2025-07-05 10:12:36 +00:00 · 2007-05-25 02:55:25 +00:00 · 2007-05-25 02:55:25 +00:00 · 24b31c0c57
commit 24b31c0c57
parent c8d5374602
1 changed files with 26 additions and 2 deletions
--- a/core/src/main/java/org/acegisecurity/ui/AbstractProcessingFilter.java
+++ b/core/src/main/java/org/acegisecurity/ui/AbstractProcessingFilter.java
@ -154,6 +154,11 @@ public abstract class AbstractProcessingFilter implements Filter, InitializingBe
     */
    private int bufferSize = 8 * 1024;
    /**
     * If true, causes any redirection URLs to be calculated minus the protocol and context path (defaults to false).
     */
    private boolean useRelativeContext = false;
    //~ Methods ========================================================================================================
    public void afterPropertiesSet() throws Exception {
@ -326,13 +331,28 @@ public abstract class AbstractProcessingFilter implements Filter, InitializingBe
    protected void sendRedirect(HttpServletRequest request, HttpServletResponse response, String url)
        throws IOException {
        String finalUrl;
        if (!url.startsWith("http://") && !url.startsWith("https://")) {
-            url = request.getContextPath() + url;
+            if (useRelativeContext) {
                finalUrl = url;
            } else {
                finalUrl = request.getContextPath() + url;
            }
        } else if (useRelativeContext) {
            // Calculate the relative URL from the fully qualifed URL, minus the protocol and base context.
            int len = request.getContextPath().length();
            int index = url.indexOf(request.getContextPath()) + len;
            finalUrl = url.substring(index);
            if (finalUrl.length() > 1 && finalUrl.charAt(0) == '/') {
                finalUrl = finalUrl.substring( 1 );
            }
        } else {
            finalUrl = url;
        }
        Assert.isTrue(!response.isCommitted(), "Response already committed; the authentication mechanism must be able to modify buffer size");
        response.setBufferSize(bufferSize);
-        response.sendRedirect(response.encodeRedirectURL(url));
+        response.sendRedirect(response.encodeRedirectURL(finalUrl));
    }
    public void setAlwaysUseDefaultTargetUrl(boolean alwaysUseDefaultTargetUrl) {
@ -456,4 +476,8 @@ public abstract class AbstractProcessingFilter implements Filter, InitializingBe
 	public void setBufferSize(int bufferSize) {
 		this.bufferSize = bufferSize;
 	}
 	public void setUseRelativeContext(boolean useRelativeContext) {
 		this.useRelativeContext = useRelativeContext;
 	}
 }