From ee74c4ced201eb320bce76f0de2017123ced70ce Mon Sep 17 00:00:00 2001
From: Luke Taylor <luke.taylor@springsource.com>
Date: Mon, 29 Aug 2011 13:47:31 +0100
Subject: [PATCH] SEC-1803: Add check in
 AbstractAuthenticationTargetUrlRequestHandler for null targetUrlParameter
 before attempting to read it from the request. Prevents NPE when
 targetUrlParameter is not set.

---
 .../AbstractAuthenticationTargetUrlRequestHandler.java      | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/web/src/main/java/org/springframework/security/web/authentication/AbstractAuthenticationTargetUrlRequestHandler.java b/web/src/main/java/org/springframework/security/web/authentication/AbstractAuthenticationTargetUrlRequestHandler.java
index e8582cd17b..fdfeef886d 100644
--- a/web/src/main/java/org/springframework/security/web/authentication/AbstractAuthenticationTargetUrlRequestHandler.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/AbstractAuthenticationTargetUrlRequestHandler.java
@@ -83,7 +83,11 @@ public abstract class AbstractAuthenticationTargetUrlRequestHandler {
         }
 
         // Check for the parameter and use that if available
-        String targetUrl = request.getParameter(targetUrlParameter);
+        String targetUrl = null;
+
+        if (targetUrlParameter != null) {
+            targetUrl = request.getParameter(targetUrlParameter);
+        }
 
         if (StringUtils.hasText(targetUrl)) {
             try {