diff --git a/web/src/main/java/org/springframework/security/web/DefaultRedirectStrategy.java b/web/src/main/java/org/springframework/security/web/DefaultRedirectStrategy.java
index 2c0d8ae0f3..c9a8f48dde 100644
--- a/web/src/main/java/org/springframework/security/web/DefaultRedirectStrategy.java
+++ b/web/src/main/java/org/springframework/security/web/DefaultRedirectStrategy.java
@@ -54,8 +54,9 @@ public class DefaultRedirectStrategy implements RedirectStrategy {
 return url;
 }
- // Calculate the relative URL from the fully qualified URL, minus the scheme and base context.
- url = url.substring(url.indexOf("://") + 3); // strip off scheme
+ // Calculate the relative URL from the fully qualified URL, minus the last
+ // occurrence of the scheme and base context.
+ url = url.substring(url.lastIndexOf("://") + 3); // strip off scheme
 url = url.substring(url.indexOf(contextPath) + contextPath.length());
 if (url.length() > 1 && url.charAt(0) == '/') {
diff --git a/web/src/test/java/org/springframework/security/web/DefaultRedirectStrategyTests.java b/web/src/test/java/org/springframework/security/web/DefaultRedirectStrategyTests.java
index b91edff2d0..864957196e 100644
--- a/web/src/test/java/org/springframework/security/web/DefaultRedirectStrategyTests.java
+++ b/web/src/test/java/org/springframework/security/web/DefaultRedirectStrategyTests.java
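Review bot: In DefaultRedirectStrategy.java, `url.lastIndexOf("://")` matches any later `://` in the URL, not only a doubled scheme prefix, so an absolute URL whose path or query string carries another URL (constructed example: `http://host/context/page?next=http://other/x`) loses its real host and path before the context path is searched. The next line still calls `url.indexOf(contextPath)` without checking for -1, so a URL that no longer contains the context path is cut at an arbitrary offset instead of being rejected. I would limit the scheme search to the part of the URL before the first `?` or `#`, and fail closed when the context path is missing, e.g. `if (!url.contains(contextPath)) { throw new IllegalArgumentException("URL does not include the context path"); }`. The test added in DefaultRedirectStrategyTests.java covers only the doubled-scheme prefix; a case with `://` after the context path would pin the intended behaviour. The enclosing method starts and ends outside the hunk.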
@@ -24,4 +24,17 @@ public class DefaultRedirectStrategyTests {
 assertEquals("remainder", response.getRedirectedUrl());
 }
+
+ @Test
+ public void contextRelativeUrlWithMultipleSchemesInHostnameIsHandledCorrectly() throws Exception {
+ DefaultRedirectStrategy rds = new DefaultRedirectStrategy();
+ rds.setContextRelative(true);
+ MockHttpServletRequest request = new MockHttpServletRequest();
+ request.setContextPath("/context");
+ MockHttpServletResponse response = new MockHttpServletResponse();
+
+ rds.sendRedirect(request, response, "http://http://context.blah.com/context/remainder");
+
+ assertEquals("remainder", response.getRedirectedUrl());
+ }
 }