From 97a31cae04855a6e693e63717c2d8b1f1f451bca Mon Sep 17 00:00:00 2001
From: Luke Taylor <luke.taylor@springsource.com>
Date: Fri, 18 Dec 2009 19:29:36 +0000
Subject: [PATCH] SEC-1333: Added error message for invalid redirect URL
 assertion

---
 .../authentication/SimpleUrlAuthenticationFailureHandler.java  | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/web/src/main/java/org/springframework/security/web/authentication/SimpleUrlAuthenticationFailureHandler.java b/web/src/main/java/org/springframework/security/web/authentication/SimpleUrlAuthenticationFailureHandler.java
index cc1824a169..022f2937e6 100644
--- a/web/src/main/java/org/springframework/security/web/authentication/SimpleUrlAuthenticationFailureHandler.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/SimpleUrlAuthenticationFailureHandler.java
@@ -66,7 +66,8 @@ public class SimpleUrlAuthenticationFailureHandler implements AuthenticationFail
      * @param defaultFailureUrl the failure URL, for example "/loginFailed.jsp".
      */
     public void setDefaultFailureUrl(String defaultFailureUrl) {
-        Assert.isTrue(UrlUtils.isValidRedirectUrl(defaultFailureUrl));
+        Assert.isTrue(UrlUtils.isValidRedirectUrl(defaultFailureUrl),
+                "'" + defaultFailureUrl + "' is not a valid redirect URL");
         this.defaultFailureUrl = defaultFailureUrl;
     }