11 сар өмнө · 528d739a60
--- a/web/src/main/java/org/springframework/security/web/authentication/ui/DefaultOneTimeTokenSubmitPageGeneratingFilter.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/ui/DefaultOneTimeTokenSubmitPageGeneratingFilter.java
@@ -66,6 +66,7 @@ public final class DefaultOneTimeTokenSubmitPageGeneratingFilter extends OncePer
 
				 	private String generateHtml(HttpServletRequest request) {
			
 
				 		String token = request.getParameter("token");
			
 
				 		String tokenValue = StringUtils.hasText(token) ? token : "";
			
 
				+		String contextPath = request.getContextPath();
			
 
				 
			
 
				 		String hiddenInputs = this.resolveHiddenInputs.apply(request)
			
 
				 			.entrySet()
			
@@ -76,7 +77,7 @@ public final class DefaultOneTimeTokenSubmitPageGeneratingFilter extends OncePer
 
				 		return HtmlTemplates.fromTemplate(ONE_TIME_TOKEN_SUBMIT_PAGE_TEMPLATE)
			
 
				 			.withRawHtml("cssStyle", CssUtils.getCssStyleBlock().indent(4))
			
 
				 			.withValue("tokenValue", tokenValue)
			
 
				-			.withValue("loginProcessingUrl", this.loginProcessingUrl)
			
 
				+			.withValue("loginProcessingUrl", contextPath + this.loginProcessingUrl)
			
 
				 			.withRawHtml("hiddenInputs", hiddenInputs)
			
 
				 			.render();
			
 
				 	}
			
--- a/web/src/test/java/org/springframework/security/web/authentication/ui/DefaultOneTimeTokenSubmitPageGeneratingFilterTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/ui/DefaultOneTimeTokenSubmitPageGeneratingFilterTests.java
@@ -77,6 +77,15 @@ class DefaultOneTimeTokenSubmitPageGeneratingFilterTests {
 
				 		assertThat(response).contains("<form class=\"login-form\" action=\"/login/another\" method=\"post\">");
			
 
				 	}
			
 
				 
			
 
				+	@Test
			
 
				+	void setContextThenGenerates() throws Exception {
			
 
				+		this.request.setContextPath("/context");
			
 
				+		this.filter.setLoginProcessingUrl("/login/another");
			
 
				+		this.filter.doFilterInternal(this.request, this.response, this.filterChain);
			
 
				+		String response = this.response.getContentAsString();
			
 
				+		assertThat(response).contains("<form class=\"login-form\" action=\"/context/login/another\" method=\"post\">");
			
 
				+	}
			
 
				+
			
 
				 	@Test
			
 
				 	void filterWhenTokenQueryParamUsesSpecialCharactersThenValueIsEscaped() throws Exception {
			
 
				 		this.request.setParameter("token", "this<>!@#\"");