SEC-861: Change default value of justUseSavedRequestOnGet to false

2008-05-30 15:09:51 +00:00 · 2008-05-30 15:09:51 +00:00 · f228d013d8
parent 4de4bb8e87
commit f228d013d8
1 changed files with 8 additions and 4 deletions
--- a/core/src/main/java/org/springframework/security/ui/TargetUrlResolverImpl.java
+++ b/core/src/main/java/org/springframework/security/ui/TargetUrlResolverImpl.java
@ -22,9 +22,11 @@ import javax.servlet.http.HttpServletRequest;

 import org.springframework.security.Authentication;
 import org.springframework.security.ui.savedrequest.SavedRequest;
+import org.springframework.security.util.UrlUtils;
 import org.springframework.util.Assert;
 import org.springframework.util.StringUtils;

+
 /**
 * Default implementation for {@link TargetUrlResolver}
 * <p>
@ -46,11 +48,10 @@ public class TargetUrlResolverImpl implements TargetUrlResolver {
 	/**
 	 * If <code>true</code>, will only use <code>SavedRequest</code> to determine the target URL on successful
     * authentication if the request that caused the authentication request was a GET.
-     * It will return null for a POST/PUT request.
-	 * In most cases it's meaningless to redirect to a URL generated by a POST/PUT request.
-     * Defaults to true.
+     * It will then return null for a POST/PUT request.
+     * Defaults to false.
 	 */
-	private boolean justUseSavedRequestOnGet = true;
+	private boolean justUseSavedRequestOnGet = false;

    /* (non-Javadoc)
 	 * @see org.acegisecurity.ui.TargetUrlResolver#determineTargetUrl(org.acegisecurity.ui.savedrequest.SavedRequest, javax.servlet.http.HttpServletRequest, org.acegisecurity.Authentication)
@ -71,6 +72,9 @@ public class TargetUrlResolverImpl implements TargetUrlResolver {
        if (savedRequest != null) {
            if (!justUseSavedRequestOnGet || savedRequest.getMethod().equals("GET")) {
                targetUrl = savedRequest.getFullRequestUrl();
+            } else {
+            	// SavedRequest not used
+            	UrlUtils.clearSavedRequest(currentRequest);
            }
        }