
Improve HTTP redirect URL encoding.

Ben Alex пре 21 година
родитељ
комит
0cbea9b452

+ 2 - 1
core/src/main/java/org/acegisecurity/securechannel/RetryWithHttpEntryPoint.java

@@ -117,6 +117,7 @@ public class RetryWithHttpEntryPoint implements InitializingBean,
             logger.debug("Redirecting to: " + redirectUrl);
         }
 
-        ((HttpServletResponse) response).sendRedirect(redirectUrl);
+        ((HttpServletResponse) response).sendRedirect(((HttpServletResponse) response)
+            .encodeRedirectURL(redirectUrl));
     }
 }
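Review bot: `encodeRedirectURL` performs session-tracking URL rewriting, so when the container falls back from cookies it can put the session ID (`;jsessionid=...`) into the Location header of this channel-switching redirect, where it would end up in browser history, proxy logs and Referer headers. Whether a container rewrites a redirect that changes scheme or port is container-specific, and the construction of `redirectUrl` is outside this hunk, so this needs confirming rather than assuming. If rewriting is intended, a comment above the call such as `// encodeRedirectURL may append the session ID when cookies are unavailable` would record the decision. Logging `redirectUrl` before encoding, as the debug line does, is worth keeping so the ID stays out of logs. The same call is added in RetryWithHttpsEntryPoint and AuthenticationProcessingFilterEntryPoint, and in all three the enclosing method starts outside the hunk.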

+ 2 - 1
core/src/main/java/org/acegisecurity/securechannel/RetryWithHttpsEntryPoint.java

@@ -117,6 +117,7 @@ public class RetryWithHttpsEntryPoint implements InitializingBean,
             logger.debug("Redirecting to: " + redirectUrl);
         }
 
-        ((HttpServletResponse) response).sendRedirect(redirectUrl);
+        ((HttpServletResponse) response).sendRedirect(((HttpServletResponse) response)
+            .encodeRedirectURL(redirectUrl));
     }
 }

+ 3 - 3
core/src/main/java/org/acegisecurity/ui/AbstractProcessingFilter.java

@@ -224,8 +224,8 @@ public abstract class AbstractProcessingFilter implements Filter,
                     failed);
                 httpRequest.getSession().setAttribute(HttpSessionIntegrationFilter.ACEGI_SECURITY_AUTHENTICATION_KEY,
                     null);
-                httpResponse.sendRedirect(httpRequest.getContextPath()
-                    + authenticationFailureUrl);
+                httpResponse.sendRedirect(httpResponse.encodeRedirectURL(httpRequest
+                        .getContextPath() + authenticationFailureUrl));
 
                 return;
             }
@@ -252,7 +252,7 @@ public abstract class AbstractProcessingFilter implements Filter,
                     + targetUrl);
             }
 
-            httpResponse.sendRedirect(targetUrl);
+            httpResponse.sendRedirect(httpResponse.encodeRedirectURL(targetUrl));
 
             return;
         }
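Review bot: In the second hunk, `httpResponse.encodeRedirectURL(targetUrl)` only adds session tracking to the URL; it neither validates nor escapes the destination, so the commit title should not be read as making this redirect safe. Where `targetUrl` is assigned is outside the hunk; if it can be derived from the earlier request rather than only from configuration, it still needs a check that it stays inside the application before `sendRedirect` is called. A comment above the call would make the contract explicit, for example `// targetUrl must already be a trusted, same-application URL; encodeRedirectURL does not validate it`. The enclosing method begins and ends outside both hunks.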

+ 2 - 1
core/src/main/java/org/acegisecurity/ui/webapp/AuthenticationProcessingFilterEntryPoint.java

@@ -176,6 +176,7 @@ public class AuthenticationProcessingFilterEntryPoint
             logger.debug("Redirecting to: " + redirectUrl);
         }
 
-        ((HttpServletResponse) response).sendRedirect(redirectUrl);
+        ((HttpServletResponse) response).sendRedirect(((HttpServletResponse) response)
+            .encodeRedirectURL(redirectUrl));
     }
 }

+ 1 - 1
core/src/test/java/org/acegisecurity/MockHttpServletResponse.java

@@ -146,7 +146,7 @@ public class MockHttpServletResponse implements HttpServletResponse {
     }
 
     public String encodeRedirectURL(String arg0) {
-        throw new UnsupportedOperationException("mock method not implemented");
+        return arg0;
     }
 
     public String encodeRedirectUrl(String arg0) {
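Review bot: Returning `arg0` unchanged means a test using this mock cannot tell `sendRedirect(url)` from `sendRedirect(encodeRedirectURL(url))`, so the behaviour this commit adds to the filters and entry points is not pinned by any assertion. Having the mock record the argument it was called with, or return a recognisably rewritten value, would let the existing tests verify that every redirect goes through the encoder. At minimum a comment such as `// identity: this mock performs no session URL rewriting` would document the intent. The deprecated `encodeRedirectUrl` that opens on the last line of the hunk continues outside it, so whether it stays unimplemented cannot be seen here.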