SEC-1333: Added error message for invalid redirect URL assertion

2009-12-18 19:29:36 +00:00 · 2009-12-18 19:29:36 +00:00 · 97a31cae04
parent aeed49393c
commit 97a31cae04
1 changed files with 2 additions and 1 deletions
--- a/web/src/main/java/org/springframework/security/web/authentication/SimpleUrlAuthenticationFailureHandler.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/SimpleUrlAuthenticationFailureHandler.java
@ -66,7 +66,8 @@ public class SimpleUrlAuthenticationFailureHandler implements AuthenticationFail
     * @param defaultFailureUrl the failure URL, for example "/loginFailed.jsp".
     */
    public void setDefaultFailureUrl(String defaultFailureUrl) {
-        Assert.isTrue(UrlUtils.isValidRedirectUrl(defaultFailureUrl));
+        Assert.isTrue(UrlUtils.isValidRedirectUrl(defaultFailureUrl),
+                "'" + defaultFailureUrl + "' is not a valid redirect URL");
        this.defaultFailureUrl = defaultFailureUrl;
    }