SEC-1428: Check if response has been committed before redirecting to target URL in AbstractAuthenticationTargetUrlRequestHandler.

Luke Taylor 2010-03-04 22:00:37 +00:00
parent 87cf27ab7c
commit 5690f1c581


@ -39,6 +39,7 @@ import org.springframework.util.StringUtils;
* <li> * <li>
* As a fallback option, the <tt>defaultTargetUrl</tt> value will be used. * As a fallback option, the <tt>defaultTargetUrl</tt> value will be used.
* </li> * </li>
* </ul>
* *
* @author Luke Taylor * @author Luke Taylor
* @since 3.0 * @since 3.0
@ -56,13 +57,26 @@ public abstract class AbstractAuthenticationTargetUrlRequestHandler {
protected AbstractAuthenticationTargetUrlRequestHandler() { protected AbstractAuthenticationTargetUrlRequestHandler() {
} }
/**
* Invokes the configured {@code RedirectStrategy} with the URL returned by the {@code determineTargetUrl} method.
* <p>
* The redirect will not be performed if the response has already been committed.
*/
protected void handle(HttpServletRequest request, HttpServletResponse response, Authentication authentication) protected void handle(HttpServletRequest request, HttpServletResponse response, Authentication authentication)
throws IOException, ServletException { throws IOException, ServletException {
String targetUrl = determineTargetUrl(request, response); String targetUrl = determineTargetUrl(request, response);
if (response.isCommitted()) {
logger.debug("Response has already been committed. Unable to redirect to " + targetUrl);
return;
}
redirectStrategy.sendRedirect(request, response, targetUrl); redirectStrategy.sendRedirect(request, response, targetUrl);
} }
/**
* Builds the target URL according to the logic defined in the main class Javadoc.
*/
protected String determineTargetUrl(HttpServletRequest request, HttpServletResponse response) { protected String determineTargetUrl(HttpServletRequest request, HttpServletResponse response) {
if (isAlwaysUseDefaultTargetUrl()) { if (isAlwaysUseDefaultTargetUrl()) {
return defaultTargetUrl; return defaultTargetUrl;
@ -102,7 +116,7 @@ public abstract class AbstractAuthenticationTargetUrlRequestHandler {
* *
* @return the defaultTargetUrl property * @return the defaultTargetUrl property
*/ */
protected String getDefaultTargetUrl() { protected final String getDefaultTargetUrl() {
return defaultTargetUrl; return defaultTargetUrl;
} }
@ -137,7 +151,7 @@ public abstract class AbstractAuthenticationTargetUrlRequestHandler {
* The current request will be checked for this parameter before and the value used as the target URL if present. * The current request will be checked for this parameter before and the value used as the target URL if present.
* *
* @param targetUrlParameter the name of the parameter containing the encoded target URL. Defaults * @param targetUrlParameter the name of the parameter containing the encoded target URL. Defaults
* to "redirect". * to "spring-security-redirect".
*/ */
public void setTargetUrlParameter(String targetUrlParameter) { public void setTargetUrlParameter(String targetUrlParameter) {
Assert.hasText("targetUrlParameter canot be null or empty"); Assert.hasText("targetUrlParameter canot be null or empty");
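Review bot: In `setTargetUrlParameter` (last hunk) the call `Assert.hasText("targetUrlParameter canot be null or empty")` passes only the message literal, so the assertion always succeeds and a null or empty parameter name is accepted. It should read `Assert.hasText(targetUrlParameter, "targetUrlParameter cannot be null or empty");`. The setter's body continues outside the hunk. Separately, the new debug line in `handle` concatenates `targetUrl` into the log, and the Javadoc on this page says that value can be taken from a request parameter. If the target is not validated elsewhere, strip CR/LF before logging it and guard the call with `if (logger.isDebugEnabled())`.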