Cwikius-Spring
/
spring-security
mirror of https://github.com/spring-projects/spring-security.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

SEC-229: Allow external URLs from AbstractProcessingFilter.

This commit is contained in:
Ben Alex 2006-04-26 04:36:54 +00:00
parent 97ac9f7e98
commit 540c7b2e6a
1 changed files with 12 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
core/src/main/java/org/acegisecurity/ui/AbstractProcessingFilter.java
View File

@ -350,6 +350,17 @@ public abstract class AbstractProcessingFilter implements Filter,
return uri.endsWith(request.getContextPath() + filterProcessesUrl);
}
protected void sendRedirect(HttpServletRequest request,
HttpServletResponse response, String failureUrl)
throws IOException {
if (!failureUrl.startsWith("http://")
&& !failureUrl.startsWith("https://")) {
failureUrl = request.getContextPath() + failureUrl;
}
response.sendRedirect(response.encodeRedirectURL(failureUrl));
}
public void setAlwaysUseDefaultTargetUrl(boolean alwaysUseDefaultTargetUrl) {
this.alwaysUseDefaultTargetUrl = alwaysUseDefaultTargetUrl;
}
@ -466,7 +477,6 @@ public abstract class AbstractProcessingFilter implements Filter,
rememberMeServices.loginFail(request, response);
response.sendRedirect(response.encodeRedirectURL(request.getContextPath()
+ failureUrl));
sendRedirect(request, response, failureUrl);
}
}