Favor Relative Redirects by Default

Closes gh-16300

config/src/test/java/org/springframework/security/config/annotation/web/builders/NamespaceHttpTests.java

@@ -87,7 +87,7 @@ import static org.springframework.security.web.servlet.util.matcher.PathPatternR
 import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get;
 import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.forwardedUrl;
 import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.header;
-import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.redirectedUrlPattern;
+import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.redirectedUrl;
 import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;
 
 /**
@@ -175,7 +175,7 @@ public class NamespaceHttpTests {
 		// @formatter:off
 		this.mockMvc.perform(get("/"))
 				.andExpect(status().is3xxRedirection())
-				.andExpect(redirectedUrlPattern("**/entry-point"));
+				.andExpect(redirectedUrl("/entry-point"));
 		// @formatter:on
 	}
 

config/src/test/java/org/springframework/security/config/annotation/web/configurers/DefaultLoginPageConfigurerTests.java

@@ -78,7 +78,7 @@ public class DefaultLoginPageConfigurerTests {
 	@Test
 	public void getWhenFormLoginEnabledThenRedirectsToLoginPage() throws Exception {
 		this.spring.register(DefaultLoginPageConfig.class).autowire();
-		this.mvc.perform(get("/")).andExpect(redirectedUrl("http://localhost/login"));
+		this.mvc.perform(get("/")).andExpect(redirectedUrl("/login"));
 	}
 
 	@Test

config/src/test/java/org/springframework/security/config/annotation/web/configurers/ExceptionHandlingConfigurerTests.java

@@ -214,8 +214,7 @@ public class ExceptionHandlingConfigurerTests {
 	@Test
 	public void getWhenUsingDefaultsAndUnauthenticatedThenRedirectsToLogin() throws Exception {
 		this.spring.register(DefaultHttpConfig.class).autowire();
-		this.mvc.perform(get("/").header(HttpHeaders.ACCEPT, "bogus/type"))
-			.andExpect(redirectedUrl("http://localhost/login"));
+		this.mvc.perform(get("/").header(HttpHeaders.ACCEPT, "bogus/type")).andExpect(redirectedUrl("/login"));
 	}
 
 	@Test

config/src/test/java/org/springframework/security/config/annotation/web/configurers/FormLoginConfigurerTests.java

@@ -181,7 +181,7 @@ public class FormLoginConfigurerTests {
 		// @formatter:off
 		this.mockMvc.perform(get("/private"))
 				.andExpect(status().isFound())
-				.andExpect(redirectedUrl("http://localhost/login"));
+				.andExpect(redirectedUrl("/login"));
 		// @formatter:on
 	}
 
@@ -236,7 +236,7 @@ public class FormLoginConfigurerTests {
 		// @formatter:off
 		this.mockMvc.perform(get("/private"))
 				.andExpect(status().isFound())
-				.andExpect(redirectedUrl("http://localhost/login"));
+				.andExpect(redirectedUrl("/login"));
 		// @formatter:on
 	}
 
@@ -350,7 +350,7 @@ public class FormLoginConfigurerTests {
 		// @formatter:off
 		this.mockMvc.perform(get("/login?error"))
 				.andExpect(status().isFound())
-				.andExpect(redirectedUrl("http://localhost/login"));
+				.andExpect(redirectedUrl("/login"));
 		// @formatter:on
 	}
 
@@ -404,7 +404,7 @@ public class FormLoginConfigurerTests {
 		this.mockMvc.perform(get("/profile").with(user(user)))
 			.andExpect(status().is3xxRedirection())
 			.andExpect(redirectedUrl(
-					"http://localhost/login?factor.type=password&factor.type=ott&factor.reason=missing&factor.reason=missing"));
+					"/login?factor.type=password&factor.type=ott&factor.reason=missing&factor.reason=missing"));
 		this.mockMvc
 			.perform(post("/ott/generate").param("username", "rod")
 				.with(user(user))
@@ -422,13 +422,13 @@ public class FormLoginConfigurerTests {
 			.build();
 		this.mockMvc.perform(get("/profile").with(user(user)))
 			.andExpect(status().is3xxRedirection())
-			.andExpect(redirectedUrl("http://localhost/login?factor.type=password&factor.reason=missing"));
+			.andExpect(redirectedUrl("/login?factor.type=password&factor.reason=missing"));
 		user = PasswordEncodedUser.withUserDetails(user)
 			.authorities("profile:read", FactorGrantedAuthority.PASSWORD_AUTHORITY)
 			.build();
 		this.mockMvc.perform(get("/profile").with(user(user)))
 			.andExpect(status().is3xxRedirection())
-			.andExpect(redirectedUrl("http://localhost/login?factor.type=ott&factor.reason=missing"));
+			.andExpect(redirectedUrl("/login?factor.type=ott&factor.reason=missing"));
 		user = PasswordEncodedUser.withUserDetails(user)
 			.authorities("profile:read", FactorGrantedAuthority.PASSWORD_AUTHORITY,
 					FactorGrantedAuthority.OTT_AUTHORITY)
@@ -445,7 +445,7 @@ public class FormLoginConfigurerTests {
 		this.mockMvc.perform(get("/login")).andExpect(status().isOk());
 		this.mockMvc.perform(get("/profile").with(SecurityMockMvcRequestPostProcessors.x509("rod.cer")))
 			.andExpect(status().is3xxRedirection())
-			.andExpect(redirectedUrl("http://localhost/login?factor.type=password&factor.reason=missing"));
+			.andExpect(redirectedUrl("/login?factor.type=password&factor.reason=missing"));
 		this.mockMvc
 			.perform(post("/login").param("username", "rod")
 				.param("password", "password")

config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpFormLoginTests.java

@@ -66,7 +66,7 @@ public class NamespaceHttpFormLoginTests {
 	@Test
 	public void formLoginWhenDefaultConfigurationThenMatchesNamespace() throws Exception {
 		this.spring.register(FormLoginConfig.class, UserDetailsServiceConfig.class).autowire();
-		this.mvc.perform(get("/")).andExpect(redirectedUrl("http://localhost/login"));
+		this.mvc.perform(get("/")).andExpect(redirectedUrl("/login"));
 		this.mvc.perform(post("/login").with(csrf())).andExpect(redirectedUrl("/login?error"));
 		// @formatter:off
 		MockHttpServletRequestBuilder loginRequest = post("/login")
@@ -80,7 +80,7 @@ public class NamespaceHttpFormLoginTests {
 	@Test
 	public void formLoginWithCustomEndpointsThenBehaviorMatchesNamespace() throws Exception {
 		this.spring.register(FormLoginCustomConfig.class, UserDetailsServiceConfig.class).autowire();
-		this.mvc.perform(get("/")).andExpect(redirectedUrl("http://localhost/authentication/login"));
+		this.mvc.perform(get("/")).andExpect(redirectedUrl("/authentication/login"));
 		this.mvc.perform(post("/authentication/login/process").with(csrf()))
 			.andExpect(redirectedUrl("/authentication/login?failed"));
 		// @formatter:off
@@ -95,7 +95,7 @@ public class NamespaceHttpFormLoginTests {
 	@Test
 	public void formLoginWithCustomHandlersThenBehaviorMatchesNamespace() throws Exception {
 		this.spring.register(FormLoginCustomRefsConfig.class, UserDetailsServiceConfig.class).autowire();
-		this.mvc.perform(get("/")).andExpect(redirectedUrl("http://localhost/login"));
+		this.mvc.perform(get("/")).andExpect(redirectedUrl("/login"));
 		this.mvc.perform(post("/login").with(csrf())).andExpect(redirectedUrl("/custom/failure"));
 		verifyBean(WebAuthenticationDetailsSource.class).buildDetails(any(HttpServletRequest.class));
 		// @formatter:off

config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceRememberMeTests.java

@@ -104,7 +104,7 @@ public class NamespaceRememberMeTests {
 				.with(csrf())
 				.cookie(rememberMe);
 		this.mvc.perform(authenticationClassRequest)
-				.andExpect(redirectedUrl("http://localhost/login"))
+				.andExpect(redirectedUrl("/login"))
 				.andReturn();
 		// @formatter:on
 	}
@@ -150,7 +150,7 @@ public class NamespaceRememberMeTests {
 		// @formatter:off
 		this.mvc.perform(somewhereRequest)
 				.andExpect(status().isFound())
-				.andExpect(redirectedUrl("http://localhost/login"));
+				.andExpect(redirectedUrl("/login"));
 		MockHttpServletRequestBuilder loginWithRememberme = post("/login").with(rememberMeLogin());
 		Cookie withKey = this.mvc.perform(loginWithRememberme)
 				.andReturn()

config/src/test/java/org/springframework/security/config/annotation/web/configurers/RememberMeConfigurerTests.java

@@ -240,7 +240,7 @@ public class RememberMeConfigurerTests {
 				.with(csrf())
 				.cookie(expiredRememberMeCookie);
 		// @formatter:on
-		this.mvc.perform(expiredRequest).andExpect(redirectedUrl("http://localhost/login"));
+		this.mvc.perform(expiredRequest).andExpect(redirectedUrl("/login"));
 	}
 
 	@Test

config/src/test/java/org/springframework/security/config/annotation/web/configurers/RequestCacheConfigurerTests.java

@@ -90,7 +90,7 @@ public class RequestCacheConfigurerTests {
 		this.spring.register(RequestCacheDefaultsConfig.class, DefaultSecurityConfig.class).autowire();
 		// @formatter:off
 		MockHttpSession session = (MockHttpSession) this.mvc.perform(get("/favicon.ico"))
-				.andExpect(redirectedUrl("http://localhost/login"))
+				.andExpect(redirectedUrl("/login"))
 				.andReturn()
 				.getRequest()
 				.getSession();
@@ -104,7 +104,7 @@ public class RequestCacheConfigurerTests {
 		this.spring.register(RequestCacheDefaultsConfig.class, DefaultSecurityConfig.class).autowire();
 		// @formatter:off
 		MockHttpSession session = (MockHttpSession) this.mvc.perform(get("/favicon.png"))
-				.andExpect(redirectedUrl("http://localhost/login"))
+				.andExpect(redirectedUrl("/login"))
 				.andReturn()
 				.getRequest()
 				.getSession();
@@ -120,7 +120,7 @@ public class RequestCacheConfigurerTests {
 		MockHttpServletRequestBuilder request = get("/messages").header(HttpHeaders.ACCEPT, MediaType.APPLICATION_JSON);
 		// @formatter:off
 		MockHttpSession session = (MockHttpSession) this.mvc.perform(request)
-				.andExpect(redirectedUrl("http://localhost/login"))
+				.andExpect(redirectedUrl("/login"))
 				.andReturn()
 				.getRequest()
 				.getSession();
@@ -140,7 +140,7 @@ public class RequestCacheConfigurerTests {
 				.header("X-Requested-With", "XMLHttpRequest");
 		MockHttpSession session = (MockHttpSession) this.mvc
 				.perform(xRequestedWith)
-				.andExpect(redirectedUrl("http://localhost/login"))
+				.andExpect(redirectedUrl("/login"))
 				.andReturn()
 				.getRequest()
 				.getSession();
@@ -157,7 +157,7 @@ public class RequestCacheConfigurerTests {
 				MediaType.TEXT_EVENT_STREAM);
 		// @formatter:off
 		MockHttpSession session = (MockHttpSession) this.mvc.perform(request)
-				.andExpect(redirectedUrl("http://localhost/login"))
+				.andExpect(redirectedUrl("/login"))
 				.andReturn()
 				.getRequest()
 				.getSession();
@@ -174,7 +174,7 @@ public class RequestCacheConfigurerTests {
 		MockHttpServletRequestBuilder request = get("/messages").header("Upgrade", "websocket");
 		// @formatter:off
 		MockHttpSession session = (MockHttpSession) this.mvc.perform(request)
-				.andExpect(redirectedUrl("http://localhost/login"))
+				.andExpect(redirectedUrl("/login"))
 				.andReturn()
 				.getRequest()
 				.getSession();
@@ -191,7 +191,7 @@ public class RequestCacheConfigurerTests {
 		MockHttpServletRequestBuilder request = get("/messages").header(HttpHeaders.ACCEPT, MediaType.ALL);
 		// @formatter:off
 		MockHttpSession session = (MockHttpSession) this.mvc.perform(request)
-				.andExpect(redirectedUrl("http://localhost/login"))
+				.andExpect(redirectedUrl("/login"))
 				.andReturn()
 				.getRequest()
 				.getSession();
@@ -205,7 +205,7 @@ public class RequestCacheConfigurerTests {
 		MockHttpServletRequestBuilder request = get("/messages").header(HttpHeaders.ACCEPT, MediaType.TEXT_HTML);
 		// @formatter:off
 		MockHttpSession session = (MockHttpSession) this.mvc.perform(request)
-				.andExpect(redirectedUrl("http://localhost/login"))
+				.andExpect(redirectedUrl("/login"))
 				.andReturn()
 				.getRequest()
 				.getSession();
@@ -220,7 +220,7 @@ public class RequestCacheConfigurerTests {
 		MockHttpServletRequestBuilder request = get("/messages")
 				.header(HttpHeaders.ACCEPT, "text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8");
 		MockHttpSession session = (MockHttpSession) this.mvc.perform(request)
-				.andExpect(redirectedUrl("http://localhost/login"))
+				.andExpect(redirectedUrl("/login"))
 				.andReturn()
 				.getRequest()
 				.getSession();
@@ -235,7 +235,7 @@ public class RequestCacheConfigurerTests {
 		MockHttpServletRequestBuilder request = get("/messages")
 				.header("X-Requested-With", "com.android");
 		MockHttpSession session = (MockHttpSession) this.mvc.perform(request)
-				.andExpect(redirectedUrl("http://localhost/login"))
+				.andExpect(redirectedUrl("/login"))
 				.andReturn()
 				.getRequest()
 				.getSession();
@@ -315,7 +315,7 @@ public class RequestCacheConfigurerTests {
 			.autowire();
 		// @formatter:off
 		MockHttpSession session = (MockHttpSession) this.mvc.perform(get("/favicon.ico"))
-				.andExpect(redirectedUrl("http://localhost/login"))
+				.andExpect(redirectedUrl("/login"))
 				.andReturn()
 				.getRequest()
 				.getSession();

config/src/test/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/OAuth2LoginConfigurerTests.java

@@ -447,7 +447,7 @@ public class OAuth2LoginConfigurerTests {
 		String requestUri = "/";
 		this.request = get(requestUri).build();
 		this.springSecurityFilterChain.doFilter(this.request, this.response, this.filterChain);
-		assertThat(this.response.getRedirectedUrl()).matches("http://localhost/oauth2/authorization/google");
+		assertThat(this.response.getRedirectedUrl()).matches("/oauth2/authorization/google");
 	}
 
 	// gh-6802
@@ -457,7 +457,7 @@ public class OAuth2LoginConfigurerTests {
 		String requestUri = "/";
 		this.request = get(requestUri).build();
 		this.springSecurityFilterChain.doFilter(this.request, this.response, this.filterChain);
-		assertThat(this.response.getRedirectedUrl()).matches("http://localhost/login");
+		assertThat(this.response.getRedirectedUrl()).matches("/login");
 	}
 
 	// gh-5347
@@ -469,7 +469,7 @@ public class OAuth2LoginConfigurerTests {
 		this.request = get(requestUri).build();
 		this.request.addHeader(HttpHeaders.ACCEPT, new MediaType("image", "*").toString());
 		this.springSecurityFilterChain.doFilter(this.request, this.response, this.filterChain);
-		assertThat(this.response.getRedirectedUrl()).matches("http://localhost/login");
+		assertThat(this.response.getRedirectedUrl()).matches("/login");
 	}
 
 	// gh-5347
@@ -479,7 +479,7 @@ public class OAuth2LoginConfigurerTests {
 		String requestUri = "/";
 		this.request = get(requestUri).build();
 		this.springSecurityFilterChain.doFilter(this.request, this.response, this.filterChain);
-		assertThat(this.response.getRedirectedUrl()).matches("http://localhost/login");
+		assertThat(this.response.getRedirectedUrl()).matches("/login");
 	}
 
 	// gh-6812
@@ -524,7 +524,7 @@ public class OAuth2LoginConfigurerTests {
 		String requestUri = "/";
 		this.request = get(requestUri).build();
 		this.springSecurityFilterChain.doFilter(this.request, this.response, this.filterChain);
-		assertThat(this.response.getRedirectedUrl()).matches("http://localhost/oauth2/authorization/google");
+		assertThat(this.response.getRedirectedUrl()).matches("/oauth2/authorization/google");
 	}
 
 	@Test
@@ -533,7 +533,7 @@ public class OAuth2LoginConfigurerTests {
 		String requestUri = "/";
 		this.request = get(requestUri).build();
 		this.springSecurityFilterChain.doFilter(this.request, this.response, this.filterChain);
-		assertThat(this.response.getRedirectedUrl()).matches("http://localhost/custom-login");
+		assertThat(this.response.getRedirectedUrl()).matches("/custom-login");
 	}
 
 	@Test
@@ -542,7 +542,7 @@ public class OAuth2LoginConfigurerTests {
 		String requestUri = "/";
 		this.request = get(requestUri).build();
 		this.springSecurityFilterChain.doFilter(this.request, this.response, this.filterChain);
-		assertThat(this.response.getRedirectedUrl()).matches("http://localhost/custom-login");
+		assertThat(this.response.getRedirectedUrl()).matches("/custom-login");
 	}
 
 	@Test

config/src/test/java/org/springframework/security/config/annotation/web/configurers/oauth2/server/resource/OAuth2ResourceServerConfigurerTests.java

@@ -1212,7 +1212,7 @@ public class OAuth2ResourceServerConfigurerTests {
 		MvcResult result = this.mvc.perform(get("/authenticated")
 				.header("Accept", "text/html"))
 				.andExpect(status().isFound())
-				.andExpect(redirectedUrl("http://localhost/login"))
+				.andExpect(redirectedUrl("/login"))
 				.andReturn();
 		// @formatter:on
 		assertThat(result.getRequest().getSession(false)).isNotNull();

config/src/test/java/org/springframework/security/config/annotation/web/configurers/ott/OneTimeTokenLoginConfigurerTests.java

@@ -191,9 +191,7 @@ public class OneTimeTokenLoginConfigurerTests {
 	@Test
 	void oneTimeTokenWhenLoginPageConfiguredThenRedirects() throws Exception {
 		this.spring.register(OneTimeTokenLoginPageConfig.class).autowire();
-		this.mvc.perform(get("/login"))
-			.andExpect(status().isFound())
-			.andExpect(redirectedUrl("http://localhost/custom-login"));
+		this.mvc.perform(get("/login")).andExpect(status().isFound()).andExpect(redirectedUrl("/custom-login"));
 	}
 
 	@Test

config/src/test/java/org/springframework/security/config/annotation/web/configurers/saml2/Saml2LoginConfigurerTests.java

@@ -356,7 +356,7 @@ public class Saml2LoginConfigurerTests {
 		MockHttpServletRequestBuilder request = get("/custom/auth/sso");
 		this.mvc.perform(request)
 			.andExpect(status().isFound())
-			.andExpect(redirectedUrl("http://localhost/custom/auth/sso?entityId=registration-id"));
+			.andExpect(redirectedUrl("/custom/auth/sso?entityId=registration-id"));
 		request.queryParam("entityId", registration.getRegistrationId());
 		MvcResult result = this.mvc.perform(request).andExpect(status().isFound()).andReturn();
 		String redirectedUrl = result.getResponse().getRedirectedUrl();
@@ -407,10 +407,10 @@ public class Saml2LoginConfigurerTests {
 		this.spring.register(Saml2LoginConfig.class).autowire();
 		this.mvc.perform(get("/favicon.ico").accept(MediaType.TEXT_HTML))
 			.andExpect(status().isFound())
-			.andExpect(redirectedUrl("http://localhost/login"));
+			.andExpect(redirectedUrl("/login"));
 		this.mvc.perform(get("/").accept(MediaType.TEXT_HTML))
 			.andExpect(status().isFound())
-			.andExpect(header().string("Location", startsWith("http://localhost/saml2/authenticate")));
+			.andExpect(header().string("Location", startsWith("/saml2/authenticate")));
 	}
 
 	@Test

config/src/test/java/org/springframework/security/config/http/CsrfConfigTests.java

@@ -379,7 +379,7 @@ public class CsrfConfigTests {
 		this.spring.configLocations(this.xml("CsrfEnabled")).autowire();
 		// simulates a request that has no authentication (e.g. session time-out)
 		MvcResult result = this.mvc.perform(post("/authenticated").with(csrf()))
-			.andExpect(redirectedUrl("http://localhost/login"))
+			.andExpect(redirectedUrl("/login"))
 			.andReturn();
 		MockHttpSession session = (MockHttpSession) result.getRequest().getSession();
 		// if the request cache is consulted, then it will redirect back to /some-url,
@@ -400,9 +400,7 @@ public class CsrfConfigTests {
 			throws Exception {
 		this.spring.configLocations(this.xml("CsrfEnabled")).autowire();
 		// simulates a request that has no authentication (e.g. session time-out)
-		MvcResult result = this.mvc.perform(get("/authenticated"))
-			.andExpect(redirectedUrl("http://localhost/login"))
-			.andReturn();
+		MvcResult result = this.mvc.perform(get("/authenticated")).andExpect(redirectedUrl("/login")).andReturn();
 		MockHttpSession session = (MockHttpSession) result.getRequest().getSession();
 		// if the request cache is consulted, then it will redirect back to /some-url,
 		// which we do want

config/src/test/java/org/springframework/security/config/http/FormLoginConfigTests.java

@@ -73,7 +73,7 @@ public class FormLoginConfigTests {
 		this.spring.configLocations(this.xml("WithRequestMatcher")).autowire();
 		// @formatter:off
 		this.mvc.perform(get("/"))
-				.andExpect(redirectedUrl("http://localhost/login"));
+				.andExpect(redirectedUrl("/login"));
 		// @formatter:on
 	}
 
@@ -107,7 +107,7 @@ public class FormLoginConfigTests {
 		this.mvc.perform(invalidPassword)
 				.andExpect(redirectedUrl(WebConfigUtilsTests.URL + "/failure"));
 		this.mvc.perform(get("/"))
-				.andExpect(redirectedUrl("http://localhost" + WebConfigUtilsTests.URL + "/login"));
+				.andExpect(redirectedUrl(WebConfigUtilsTests.URL + "/login"));
 		// @formatter:on
 	}
 

config/src/test/java/org/springframework/security/config/http/HttpConfigTests.java

@@ -71,7 +71,7 @@ public class HttpConfigTests {
 		// @formatter:off
 		this.mvc.perform(get("/"))
 				.andExpect(status().isFound())
-				.andExpect(redirectedUrl("http://localhost/login"));
+				.andExpect(redirectedUrl("/login"));
 		// @formatter:on
 	}
 
@@ -81,7 +81,7 @@ public class HttpConfigTests {
 		// @formatter:off
 		this.mvc.perform(get("/"))
 				.andExpect(status().isFound())
-				.andExpect(redirectedUrl("http://localhost/login"));
+				.andExpect(redirectedUrl("/login"));
 		// @formatter:on
 	}
 
@@ -94,7 +94,7 @@ public class HttpConfigTests {
 		// @formatter:off
 		this.mvc.perform(get("/"))
 				.andExpect(status().isFound())
-				.andExpect(redirectedUrl("http://localhost/login"));
+				.andExpect(redirectedUrl("/login"));
 		// @formatter:on
 		verify(authorizationManager).authorize(any(), any());
 	}
@@ -108,7 +108,7 @@ public class HttpConfigTests {
 		proxy.doFilter(request, new EncodeUrlDenyingHttpServletResponseWrapper(response), (req, resp) -> {
 		});
 		assertThat(response.getStatus()).isEqualTo(HttpStatus.SC_MOVED_TEMPORARILY);
-		assertThat(response.getRedirectedUrl()).isEqualTo("http://localhost/login");
+		assertThat(response.getRedirectedUrl()).isEqualTo("/login");
 	}
 
 	@Test

config/src/test/java/org/springframework/security/config/http/MiscHttpConfigTests.java

@@ -612,7 +612,7 @@ public class MiscHttpConfigTests {
 		proxy.doFilter(request, new EncodeUrlDenyingHttpServletResponseWrapper(response), (req, resp) -> {
 		});
 		assertThat(response.getStatus()).isEqualTo(HttpStatus.SC_MOVED_TEMPORARILY);
-		assertThat(response.getRedirectedUrl()).isEqualTo("http://localhost/login");
+		assertThat(response.getRedirectedUrl()).isEqualTo("/login");
 	}
 
 	@Test
@@ -841,7 +841,7 @@ public class MiscHttpConfigTests {
 		this.spring.configLocations(xml("PortsMappedRequiresHttps")).autowire();
 		// @formatter:off
 		MockHttpSession session = (MockHttpSession) this.mvc.perform(get("https://localhost:9080/protected"))
-				.andExpect(redirectedUrl("https://localhost:9443/login"))
+				.andExpect(redirectedUrl("/login"))
 				.andReturn()
 				.getRequest()
 				.getSession(false);

config/src/test/java/org/springframework/security/config/http/OAuth2LoginBeanDefinitionParserTests.java

@@ -180,7 +180,7 @@ public class OAuth2LoginBeanDefinitionParserTests {
 		// @formatter:off
 		this.mvc.perform(get("/"))
 				.andExpect(status().is3xxRedirection())
-				.andExpect(redirectedUrl("http://localhost/oauth2/authorization/google-login"));
+				.andExpect(redirectedUrl("/oauth2/authorization/google-login"));
 		// @formatter:on
 		verify(this.requestCache).saveRequest(any(), any());
 	}
@@ -193,7 +193,7 @@ public class OAuth2LoginBeanDefinitionParserTests {
 		// @formatter:off
 		this.mvc.perform(get("/favicon.ico").accept(new MediaType("image", "*")))
 				.andExpect(status().is3xxRedirection())
-				.andExpect(redirectedUrl("http://localhost/login"));
+				.andExpect(redirectedUrl("/login"));
 		// @formatter:on
 	}
 
@@ -205,7 +205,7 @@ public class OAuth2LoginBeanDefinitionParserTests {
 		// @formatter:off
 		this.mvc.perform(get("/").header("X-Requested-With", "XMLHttpRequest"))
 				.andExpect(status().is3xxRedirection())
-				.andExpect(redirectedUrl("http://localhost/login"));
+				.andExpect(redirectedUrl("/login"));
 		// @formatter:on
 	}
 
@@ -423,7 +423,7 @@ public class OAuth2LoginBeanDefinitionParserTests {
 		// @formatter:off
 		this.mvc.perform(get("/"))
 				.andExpect(status().is3xxRedirection())
-				.andExpect(redirectedUrl("http://localhost/login"));
+				.andExpect(redirectedUrl("/login"));
 		// @formatter:on
 	}
 
@@ -433,7 +433,7 @@ public class OAuth2LoginBeanDefinitionParserTests {
 		// @formatter:off
 		this.mvc.perform(get("/"))
 				.andExpect(status().is3xxRedirection())
-				.andExpect(redirectedUrl("http://localhost/custom-login"));
+				.andExpect(redirectedUrl("/custom-login"));
 		// @formatter:on
 	}
 
@@ -445,7 +445,7 @@ public class OAuth2LoginBeanDefinitionParserTests {
 		// @formatter:off
 		this.mvc.perform(get("/"))
 				.andExpect(status().is3xxRedirection())
-				.andExpect(redirectedUrl("http://localhost/login"));
+				.andExpect(redirectedUrl("/login"));
 		// @formatter:on
 	}
 

config/src/test/java/org/springframework/security/config/http/PlaceHolderAndELConfigTests.java

@@ -73,7 +73,7 @@ public class PlaceHolderAndELConfigTests {
 		// login-page setting
 		// @formatter:off
 		this.mvc.perform(get("/secured"))
-				.andExpect(redirectedUrl("http://localhost/loginPage"));
+				.andExpect(redirectedUrl("/loginPage"));
 		// login-processing-url setting
 		// default-target-url setting
 		this.mvc.perform(post("/loginPage").param("username", "user").param("password", "password"))
@@ -98,7 +98,7 @@ public class PlaceHolderAndELConfigTests {
 		// login-page setting
 		// @formatter:off
 		this.mvc.perform(get("/secured"))
-				.andExpect(redirectedUrl("http://localhost/loginPage"));
+				.andExpect(redirectedUrl("/loginPage"));
 		// login-processing-url setting
 		// default-target-url setting
 		this.mvc.perform(post("/loginPage").param("username", "user").param("password", "password"))

config/src/test/java/org/springframework/security/config/http/Saml2LoginBeanDefinitionParserTests.java

@@ -161,7 +161,7 @@ public class Saml2LoginBeanDefinitionParserTests {
 		// @formatter:off
 		this.mvc.perform(get("/"))
 				.andExpect(status().is3xxRedirection())
-				.andExpect(redirectedUrl("http://localhost/saml2/authenticate/one"));
+				.andExpect(redirectedUrl("/saml2/authenticate/one"));
 		// @formatter:on
 		verify(this.requestCache).saveRequest(any(), any());
 	}
@@ -172,7 +172,7 @@ public class Saml2LoginBeanDefinitionParserTests {
 		// @formatter:off
 		this.mvc.perform(get("/"))
 				.andExpect(status().is3xxRedirection())
-				.andExpect(redirectedUrl("http://localhost/login"));
+				.andExpect(redirectedUrl("/login"));
 		// @formatter:on
 	}
 

config/src/test/java/org/springframework/security/config/http/SecurityContextHolderAwareRequestConfigTests.java

@@ -78,7 +78,7 @@ public class SecurityContextHolderAwareRequestConfigTests {
 		// @formatter:off
 		this.mvc.perform(get("/authenticate"))
 				.andExpect(status().isFound())
-				.andExpect(redirectedUrl("http://localhost/login"));
+				.andExpect(redirectedUrl("/login"));
 		// @formatter:on
 	}
 
@@ -114,7 +114,7 @@ public class SecurityContextHolderAwareRequestConfigTests {
 		// @formatter:off
 		this.mvc.perform(get("/authenticate"))
 				.andExpect(status().isFound())
-				.andExpect(redirectedUrl("http://localhost/login"));
+				.andExpect(redirectedUrl("/login"));
 		// @formatter:on
 	}
 
@@ -137,10 +137,10 @@ public class SecurityContextHolderAwareRequestConfigTests {
 		// @formatter:off
 		this.mvc.perform(get("/authenticate"))
 				.andExpect(status().isFound())
-				.andExpect(redirectedUrl("http://localhost/login"));
+				.andExpect(redirectedUrl("/login"));
 		this.mvc.perform(get("/v2/authenticate"))
 				.andExpect(status().isFound())
-				.andExpect(redirectedUrl("http://localhost/login2"));
+				.andExpect(redirectedUrl("/login2"));
 		// @formatter:on
 	}
 
@@ -177,9 +177,7 @@ public class SecurityContextHolderAwareRequestConfigTests {
 	@Test
 	public void servletLogoutWhenUsingCustomLogoutThenUsesSpringSecurity() throws Exception {
 		this.spring.configLocations(this.xml("Logout")).autowire();
-		this.mvc.perform(get("/authenticate"))
-			.andExpect(status().isFound())
-			.andExpect(redirectedUrl("http://localhost/signin"));
+		this.mvc.perform(get("/authenticate")).andExpect(status().isFound()).andExpect(redirectedUrl("/signin"));
 		// @formatter:off
 		MvcResult result = this.mvc.perform(get("/good-login"))
 				.andReturn();

config/src/test/kotlin/org/springframework/security/config/annotation/web/ExceptionHandlingDslTests.kt

@@ -218,7 +218,7 @@ class ExceptionHandlingDslTests {
         this.mockMvc.get("/")
                 .andExpect {
                     status { isFound() }
-                    redirectedUrl("http://localhost/custom-login")
+                    redirectedUrl("/custom-login")
                 }
     }
 
@@ -247,13 +247,13 @@ class ExceptionHandlingDslTests {
         this.mockMvc.get("/secured1")
                 .andExpect {
                     status { isFound() }
-                    redirectedUrl("http://localhost/custom-login1")
+                    redirectedUrl("/custom-login1")
                 }
 
         this.mockMvc.get("/secured2")
                 .andExpect {
                     status { isFound() }
-                    redirectedUrl("http://localhost/custom-login2")
+                    redirectedUrl("/custom-login2")
                 }
     }
 

config/src/test/kotlin/org/springframework/security/config/annotation/web/FormLoginDslTests.kt

@@ -144,7 +144,7 @@ class FormLoginDslTests {
         this.mockMvc.get("/")
                 .andExpect {
                     status { isFound() }
-                    redirectedUrl("http://localhost/login")
+                    redirectedUrl("/login")
                 }
     }
 
@@ -170,7 +170,7 @@ class FormLoginDslTests {
         this.mockMvc.get("/")
                 .andExpect {
                     status { isFound() }
-                    redirectedUrl("http://localhost/log-in")
+                    redirectedUrl("/log-in")
                 }
     }
 

config/src/test/kotlin/org/springframework/security/config/annotation/web/RememberMeDslTests.kt

@@ -148,7 +148,7 @@ internal class RememberMeDslTests {
             cookie(expiredRememberMeCookie)
         }.andExpect {
             status { isFound() }
-            redirectedUrl("http://localhost/login")
+            redirectedUrl("/login")
         }
     }
 
@@ -224,7 +224,7 @@ internal class RememberMeDslTests {
             cookie(withoutKeyRememberMeCookie)
         }.andExpect {
             status { isFound() }
-            redirectedUrl("http://localhost/login")
+            redirectedUrl("/login")
         }
         val keyMvcResult = mockMvc.post("/login") {
             loginRememberMeRequest()

config/src/test/kotlin/org/springframework/security/config/annotation/web/Saml2DslTests.kt

@@ -146,7 +146,7 @@ class Saml2DslTests {
         val request = MockMvcRequestBuilders.get("/custom/auth/sso")
         this.mockMvc.perform(request)
             .andExpect(MockMvcResultMatchers.status().isFound())
-            .andExpect(MockMvcResultMatchers.redirectedUrl("http://localhost/custom/auth/sso?entityId=simplesamlphp"))
+            .andExpect(MockMvcResultMatchers.redirectedUrl("/custom/auth/sso?entityId=simplesamlphp"))
         request.queryParam("entityId", registration.registrationId)
         val result: MvcResult =
             this.mockMvc.perform(request).andExpect(MockMvcResultMatchers.status().isFound()).andReturn()

config/src/test/kotlin/org/springframework/security/config/annotation/web/oauth2/login/TokenEndpointDslTests.kt

@@ -72,7 +72,7 @@ class TokenEndpointDslTests {
                 .state("test")
                 .clientId("clientId")
                 .authorizationUri("https://test")
-                .redirectUri("http://localhost/login/oauth2/code/google")
+                .redirectUri("/login/oauth2/code/google")
                 .attributes(attributes)
                 .build()
         every {

config/src/test/kotlin/org/springframework/security/config/annotation/web/oauth2/login/UserInfoEndpointDslTests.kt

@@ -77,7 +77,7 @@ class UserInfoEndpointDslTests {
                 .state("test")
                 .clientId("clientId")
                 .authorizationUri("https://test")
-                .redirectUri("http://localhost/login/oauth2/code/google")
+                .redirectUri("/login/oauth2/code/google")
                 .attributes(attributes)
                 .build()
         every {

docs/src/test/java/org/springframework/security/docs/servlet/authentication/authorizationmanagerfactory/AuthorizationManagerFactoryTests.java

@@ -69,7 +69,7 @@ public class AuthorizationManagerFactoryTests {
 		// @formatter:off
 		this.mockMvc.perform(get("/"))
 			.andExpect(status().is3xxRedirection())
-			.andExpect(redirectedUrl("http://localhost/login?factor.type=ott&factor.reason=missing"));
+			.andExpect(redirectedUrl("/login?factor.type=ott&factor.reason=missing"));
 		// @formatter:on
 	}
 
@@ -80,7 +80,7 @@ public class AuthorizationManagerFactoryTests {
 		// @formatter:off
 		this.mockMvc.perform(get("/"))
 			.andExpect(status().is3xxRedirection())
-			.andExpect(redirectedUrl("http://localhost/login?factor.type=password&factor.reason=missing"));
+			.andExpect(redirectedUrl("/login?factor.type=password&factor.reason=missing"));
 		// @formatter:on
 	}
 
@@ -91,7 +91,7 @@ public class AuthorizationManagerFactoryTests {
 		// @formatter:off
 		this.mockMvc.perform(get("/"))
 			.andExpect(status().is3xxRedirection())
-			.andExpect(redirectedUrl("http://localhost/login?factor.type=password&factor.type=ott&factor.reason=missing&factor.reason=missing"));
+			.andExpect(redirectedUrl("/login?factor.type=password&factor.type=ott&factor.reason=missing&factor.reason=missing"));
 		// @formatter:on
 	}
 
@@ -101,7 +101,7 @@ public class AuthorizationManagerFactoryTests {
 		// @formatter:off
 		this.mockMvc.perform(get("/"))
 			.andExpect(status().is3xxRedirection())
-			.andExpect(redirectedUrl("http://localhost/login"));
+			.andExpect(redirectedUrl("/login"));
 		// @formatter:on
 	}
 

docs/src/test/java/org/springframework/security/docs/servlet/authentication/egmfa/EnableGlobalMultiFactorAuthenticationTests.java

@@ -69,7 +69,7 @@ public class EnableGlobalMultiFactorAuthenticationTests {
 		// @formatter:off
 		this.mockMvc.perform(get("/"))
 			.andExpect(status().is3xxRedirection())
-			.andExpect(redirectedUrl("http://localhost/login?factor.type=ott&factor.reason=missing"));
+			.andExpect(redirectedUrl("/login?factor.type=ott&factor.reason=missing"));
 		// @formatter:on
 	}
 
@@ -80,7 +80,7 @@ public class EnableGlobalMultiFactorAuthenticationTests {
 		// @formatter:off
 		this.mockMvc.perform(get("/"))
 			.andExpect(status().is3xxRedirection())
-			.andExpect(redirectedUrl("http://localhost/login?factor.type=password&factor.reason=missing"));
+			.andExpect(redirectedUrl("/login?factor.type=password&factor.reason=missing"));
 		// @formatter:on
 	}
 
@@ -91,7 +91,7 @@ public class EnableGlobalMultiFactorAuthenticationTests {
 		// @formatter:off
 		this.mockMvc.perform(get("/"))
 			.andExpect(status().is3xxRedirection())
-			.andExpect(redirectedUrl("http://localhost/login?factor.type=password&factor.type=ott&factor.reason=missing&factor.reason=missing"));
+			.andExpect(redirectedUrl("/login?factor.type=password&factor.type=ott&factor.reason=missing&factor.reason=missing"));
 		// @formatter:on
 	}
 
@@ -101,7 +101,7 @@ public class EnableGlobalMultiFactorAuthenticationTests {
 		// @formatter:off
 		this.mockMvc.perform(get("/"))
 			.andExpect(status().is3xxRedirection())
-			.andExpect(redirectedUrl("http://localhost/login"));
+			.andExpect(redirectedUrl("/login"));
 		// @formatter:on
 	}
 

docs/src/test/java/org/springframework/security/docs/servlet/authentication/hasallauthorities/MultiFactorAuthenticationTests.java

@@ -69,7 +69,7 @@ public class MultiFactorAuthenticationTests {
 		// @formatter:off
 		this.mockMvc.perform(get("/"))
 			.andExpect(status().is3xxRedirection())
-			.andExpect(redirectedUrl("http://localhost/login?factor.type=ott&factor.reason=missing"));
+			.andExpect(redirectedUrl("/login?factor.type=ott&factor.reason=missing"));
 		// @formatter:on
 	}
 
@@ -80,7 +80,7 @@ public class MultiFactorAuthenticationTests {
 		// @formatter:off
 		this.mockMvc.perform(get("/"))
 			.andExpect(status().is3xxRedirection())
-			.andExpect(redirectedUrl("http://localhost/login?factor.type=password&factor.reason=missing"));
+			.andExpect(redirectedUrl("/login?factor.type=password&factor.reason=missing"));
 		// @formatter:on
 	}
 
@@ -91,7 +91,7 @@ public class MultiFactorAuthenticationTests {
 		// @formatter:off
 		this.mockMvc.perform(get("/"))
 			.andExpect(status().is3xxRedirection())
-			.andExpect(redirectedUrl("http://localhost/login?factor.type=password&factor.type=ott&factor.reason=missing&factor.reason=missing"));
+			.andExpect(redirectedUrl("/login?factor.type=password&factor.type=ott&factor.reason=missing&factor.reason=missing"));
 		// @formatter:on
 	}
 
@@ -101,7 +101,7 @@ public class MultiFactorAuthenticationTests {
 		// @formatter:off
 		this.mockMvc.perform(get("/"))
 			.andExpect(status().is3xxRedirection())
-			.andExpect(redirectedUrl("http://localhost/login"));
+			.andExpect(redirectedUrl("/login"));
 		// @formatter:on
 	}
 

docs/src/test/java/org/springframework/security/docs/servlet/authentication/hasallauthorities/MultipleAuthorizationRulesConfigurationTests.java

@@ -69,7 +69,7 @@ public class MultipleAuthorizationRulesConfigurationTests {
 		// @formatter:off
 		this.mockMvc.perform(get("/"))
 			.andExpect(status().is3xxRedirection())
-			.andExpect(redirectedUrl("http://localhost/login?factor.type=ott&factor.reason=missing"));
+			.andExpect(redirectedUrl("/login?factor.type=ott&factor.reason=missing"));
 		// @formatter:on
 	}
 
@@ -80,7 +80,7 @@ public class MultipleAuthorizationRulesConfigurationTests {
 		// @formatter:off
 		this.mockMvc.perform(get("/"))
 			.andExpect(status().is3xxRedirection())
-			.andExpect(redirectedUrl("http://localhost/login?factor.type=password&factor.reason=missing"));
+			.andExpect(redirectedUrl("/login?factor.type=password&factor.reason=missing"));
 		// @formatter:on
 	}
 
@@ -91,7 +91,7 @@ public class MultipleAuthorizationRulesConfigurationTests {
 		// @formatter:off
 		this.mockMvc.perform(get("/"))
 			.andExpect(status().is3xxRedirection())
-			.andExpect(redirectedUrl("http://localhost/login?factor.type=password&factor.type=ott&factor.reason=missing&factor.reason=missing"));
+			.andExpect(redirectedUrl("/login?factor.type=password&factor.type=ott&factor.reason=missing&factor.reason=missing"));
 		// @formatter:on
 	}
 
@@ -101,7 +101,7 @@ public class MultipleAuthorizationRulesConfigurationTests {
 		// @formatter:off
 		this.mockMvc.perform(get("/"))
 			.andExpect(status().is3xxRedirection())
-			.andExpect(redirectedUrl("http://localhost/login"));
+			.andExpect(redirectedUrl("/login"));
 		// @formatter:on
 	}
 

docs/src/test/java/org/springframework/security/docs/servlet/authentication/programmaticmfa/AdminMfaAuthorizationManagerConfigurationTests.java

@@ -58,7 +58,7 @@ public class AdminMfaAuthorizationManagerConfigurationTests {
 		// @formatter:off
 		this.mockMvc.perform(get("/"))
 			.andExpect(status().is3xxRedirection())
-			.andExpect(redirectedUrl("http://localhost/login?factor.type=ott&factor.type=password&factor.reason=missing&factor.reason=missing"));
+			.andExpect(redirectedUrl("/login?factor.type=ott&factor.type=password&factor.reason=missing&factor.reason=missing"));
 		// @formatter:on
 	}
 

docs/src/test/java/org/springframework/security/docs/servlet/authentication/raammfa/RequiredAuthoritiesAuthorizationManagerConfigurationTests.java

@@ -58,7 +58,7 @@ public class RequiredAuthoritiesAuthorizationManagerConfigurationTests {
 		// @formatter:off
 		this.mockMvc.perform(get("/"))
 			.andExpect(status().is3xxRedirection())
-			.andExpect(redirectedUrl("http://localhost/login?factor.type=ott&factor.type=password&factor.reason=missing&factor.reason=missing"));
+			.andExpect(redirectedUrl("/login?factor.type=ott&factor.type=password&factor.reason=missing&factor.reason=missing"));
 		// @formatter:on
 	}
 

docs/src/test/java/org/springframework/security/docs/servlet/authentication/reauthentication/ReauthenticationTests.java

@@ -69,7 +69,7 @@ public class ReauthenticationTests {
 		// @formatter:off
 		this.mockMvc.perform(get("/profile"))
 			.andExpect(status().is3xxRedirection())
-			.andExpect(redirectedUrl("http://localhost/login?factor.type=ott&factor.reason=missing"));
+			.andExpect(redirectedUrl("/login?factor.type=ott&factor.reason=missing"));
 		// @formatter:on
 	}
 

docs/src/test/java/org/springframework/security/docs/servlet/authentication/selectivemfa/SelectiveMfaConfigurationTests.java

@@ -59,7 +59,7 @@ public class SelectiveMfaConfigurationTests {
 		// @formatter:off
 		this.mockMvc.perform(get("/admin/"))
 				.andExpect(status().is3xxRedirection())
-				.andExpect(redirectedUrlPattern("http://localhost/login?*"));
+				.andExpect(redirectedUrlPattern("/login?*"));
 		// @formatter:on
 	}
 
@@ -81,7 +81,7 @@ public class SelectiveMfaConfigurationTests {
 		// @formatter:off
 		this.mockMvc.perform(get("/admin/"))
 			.andExpect(status().is3xxRedirection())
-			.andExpect(redirectedUrl("http://localhost/login?factor.type=ott&factor.reason=missing"));
+			.andExpect(redirectedUrl("/login?factor.type=ott&factor.reason=missing"));
 		// @formatter:on
 	}
 
@@ -92,7 +92,7 @@ public class SelectiveMfaConfigurationTests {
 		// @formatter:off
 		this.mockMvc.perform(get("/user/settings/"))
 				.andExpect(status().is3xxRedirection())
-				.andExpect(redirectedUrlPattern("http://localhost/login?*"));
+				.andExpect(redirectedUrlPattern("/login?*"));
 		// @formatter:on
 	}
 

docs/src/test/java/org/springframework/security/docs/servlet/authentication/validduration/ValidDurationConfigurationTests.java

@@ -63,7 +63,7 @@ public class ValidDurationConfigurationTests {
 		// @formatter:off
 		this.mockMvc.perform(get("/admin/").with(admin(Duration.ofMinutes(31))))
 				.andExpect(status().is3xxRedirection())
-				.andExpect(redirectedUrlPattern("http://localhost/login?*"));
+				.andExpect(redirectedUrlPattern("/login?*"));
 		// @formatter:on
 	}
 
@@ -84,7 +84,7 @@ public class ValidDurationConfigurationTests {
 		// @formatter:off
 		this.mockMvc.perform(get("/user/settings").with(user(Duration.ofMinutes(61))))
 				.andExpect(status().is3xxRedirection())
-				.andExpect(redirectedUrlPattern("http://localhost/login?*"));
+				.andExpect(redirectedUrlPattern("/login?*"));
 		// @formatter:on
 	}
 

docs/src/test/kotlin/org/springframework/security/kt/docs/servlet/authentication/authorizationmanagerfactory/AuthorizationManagerFactoryTests.kt

@@ -68,7 +68,7 @@ class AuthorizationManagerFactoryTests {
         // @formatter:off
         this.mockMvc!!.perform(MockMvcRequestBuilders.get("/"))
         .andExpect(MockMvcResultMatchers.status().is3xxRedirection())
-        .andExpect(MockMvcResultMatchers.redirectedUrl("http://localhost/login?factor.type=ott&factor.reason=missing"))
+        .andExpect(MockMvcResultMatchers.redirectedUrl("/login?factor.type=ott&factor.reason=missing"))
     		// @formatter:on
     }
 
@@ -81,7 +81,7 @@ class AuthorizationManagerFactoryTests {
         // @formatter:off
         this.mockMvc!!.perform(MockMvcRequestBuilders.get("/"))
         .andExpect(MockMvcResultMatchers.status().is3xxRedirection())
-        .andExpect(MockMvcResultMatchers.redirectedUrl("http://localhost/login?factor.type=password&factor.reason=missing"))
+        .andExpect(MockMvcResultMatchers.redirectedUrl("/login?factor.type=password&factor.reason=missing"))
     		// @formatter:on
     }
 
@@ -94,7 +94,7 @@ class AuthorizationManagerFactoryTests {
         // @formatter:off
         this.mockMvc!!.perform(MockMvcRequestBuilders.get("/"))
         .andExpect(MockMvcResultMatchers.status().is3xxRedirection())
-        .andExpect(MockMvcResultMatchers.redirectedUrl("http://localhost/login?factor.type=password&factor.type=ott&factor.reason=missing&factor.reason=missing"))
+        .andExpect(MockMvcResultMatchers.redirectedUrl("/login?factor.type=password&factor.type=ott&factor.reason=missing&factor.reason=missing"))
     		// @formatter:on
     }
 
@@ -106,7 +106,7 @@ class AuthorizationManagerFactoryTests {
         // @formatter:off
         this.mockMvc!!.perform(MockMvcRequestBuilders.get("/"))
         .andExpect(MockMvcResultMatchers.status().is3xxRedirection())
-        .andExpect(MockMvcResultMatchers.redirectedUrl("http://localhost/login"))
+        .andExpect(MockMvcResultMatchers.redirectedUrl("/login"))
     		// @formatter:on
     }
 

docs/src/test/kotlin/org/springframework/security/kt/docs/servlet/authentication/egmfa/EnableGlobalMultiFactorAuthenticationConfigurationTests.kt

@@ -66,7 +66,7 @@ class EnableGlobalMultiFactorAuthenticationConfigurationTests {
         // @formatter:off
         this.mockMvc!!.perform(MockMvcRequestBuilders.get("/"))
         .andExpect(MockMvcResultMatchers.status().is3xxRedirection())
-        .andExpect(MockMvcResultMatchers.redirectedUrl("http://localhost/login?factor.type=ott&factor.reason=missing"))
+        .andExpect(MockMvcResultMatchers.redirectedUrl("/login?factor.type=ott&factor.reason=missing"))
     		// @formatter:on
     }
 
@@ -78,7 +78,7 @@ class EnableGlobalMultiFactorAuthenticationConfigurationTests {
         // @formatter:off
         this.mockMvc!!.perform(MockMvcRequestBuilders.get("/"))
         .andExpect(MockMvcResultMatchers.status().is3xxRedirection())
-        .andExpect(MockMvcResultMatchers.redirectedUrl("http://localhost/login?factor.type=password&factor.reason=missing"))
+        .andExpect(MockMvcResultMatchers.redirectedUrl("/login?factor.type=password&factor.reason=missing"))
     		// @formatter:on
     }
 
@@ -90,7 +90,7 @@ class EnableGlobalMultiFactorAuthenticationConfigurationTests {
         // @formatter:off
         this.mockMvc!!.perform(MockMvcRequestBuilders.get("/"))
         .andExpect(MockMvcResultMatchers.status().is3xxRedirection())
-        .andExpect(MockMvcResultMatchers.redirectedUrl("http://localhost/login?factor.type=password&factor.type=ott&factor.reason=missing&factor.reason=missing"))
+        .andExpect(MockMvcResultMatchers.redirectedUrl("/login?factor.type=password&factor.type=ott&factor.reason=missing&factor.reason=missing"))
     		// @formatter:on
     }
 
@@ -101,7 +101,7 @@ class EnableGlobalMultiFactorAuthenticationConfigurationTests {
         // @formatter:off
         this.mockMvc!!.perform(MockMvcRequestBuilders.get("/"))
         .andExpect(MockMvcResultMatchers.status().is3xxRedirection())
-        .andExpect(MockMvcResultMatchers.redirectedUrl("http://localhost/login"))
+        .andExpect(MockMvcResultMatchers.redirectedUrl("/login"))
     		// @formatter:on
     }
 

docs/src/test/kotlin/org/springframework/security/kt/docs/servlet/authentication/hasallauthorities/MultiFactorAuthenticationTests.kt

@@ -66,7 +66,7 @@ class MultiFactorAuthenticationTests {
         // @formatter:off
         this.mockMvc!!.perform(MockMvcRequestBuilders.get("/"))
         .andExpect(MockMvcResultMatchers.status().is3xxRedirection())
-        .andExpect(MockMvcResultMatchers.redirectedUrl("http://localhost/login?factor.type=ott&factor.reason=missing"))
+        .andExpect(MockMvcResultMatchers.redirectedUrl("/login?factor.type=ott&factor.reason=missing"))
     		// @formatter:on
     }
 
@@ -78,7 +78,7 @@ class MultiFactorAuthenticationTests {
         // @formatter:off
         this.mockMvc!!.perform(MockMvcRequestBuilders.get("/"))
         .andExpect(MockMvcResultMatchers.status().is3xxRedirection())
-        .andExpect(MockMvcResultMatchers.redirectedUrl("http://localhost/login?factor.type=password&factor.reason=missing"))
+        .andExpect(MockMvcResultMatchers.redirectedUrl("/login?factor.type=password&factor.reason=missing"))
     		// @formatter:on
     }
 
@@ -90,7 +90,7 @@ class MultiFactorAuthenticationTests {
         // @formatter:off
         this.mockMvc!!.perform(MockMvcRequestBuilders.get("/"))
         .andExpect(MockMvcResultMatchers.status().is3xxRedirection())
-        .andExpect(MockMvcResultMatchers.redirectedUrl("http://localhost/login?factor.type=password&factor.type=ott&factor.reason=missing&factor.reason=missing"))
+        .andExpect(MockMvcResultMatchers.redirectedUrl("/login?factor.type=password&factor.type=ott&factor.reason=missing&factor.reason=missing"))
     		// @formatter:on
     }
 
@@ -101,7 +101,7 @@ class MultiFactorAuthenticationTests {
         // @formatter:off
         this.mockMvc!!.perform(MockMvcRequestBuilders.get("/"))
         .andExpect(MockMvcResultMatchers.status().is3xxRedirection())
-        .andExpect(MockMvcResultMatchers.redirectedUrl("http://localhost/login"))
+        .andExpect(MockMvcResultMatchers.redirectedUrl("/login"))
     		// @formatter:on
     }
 

docs/src/test/kotlin/org/springframework/security/kt/docs/servlet/authentication/hasallauthorities/MultipleAuthorizationRulesConfigurationTests.kt

@@ -66,7 +66,7 @@ class MultipleAuthorizationRulesConfigurationTests {
         // @formatter:off
         this.mockMvc!!.perform(MockMvcRequestBuilders.get("/"))
         .andExpect(MockMvcResultMatchers.status().is3xxRedirection())
-        .andExpect(MockMvcResultMatchers.redirectedUrl("http://localhost/login?factor.type=ott&factor.reason=missing"))
+        .andExpect(MockMvcResultMatchers.redirectedUrl("/login?factor.type=ott&factor.reason=missing"))
     		// @formatter:on
     }
 
@@ -78,7 +78,7 @@ class MultipleAuthorizationRulesConfigurationTests {
         // @formatter:off
         this.mockMvc!!.perform(MockMvcRequestBuilders.get("/"))
         .andExpect(MockMvcResultMatchers.status().is3xxRedirection())
-        .andExpect(MockMvcResultMatchers.redirectedUrl("http://localhost/login?factor.type=password&factor.reason=missing"))
+        .andExpect(MockMvcResultMatchers.redirectedUrl("/login?factor.type=password&factor.reason=missing"))
     		// @formatter:on
     }
 
@@ -90,7 +90,7 @@ class MultipleAuthorizationRulesConfigurationTests {
         // @formatter:off
         this.mockMvc!!.perform(MockMvcRequestBuilders.get("/"))
         .andExpect(MockMvcResultMatchers.status().is3xxRedirection())
-        .andExpect(MockMvcResultMatchers.redirectedUrl("http://localhost/login?factor.type=password&factor.type=ott&factor.reason=missing&factor.reason=missing"))
+        .andExpect(MockMvcResultMatchers.redirectedUrl("/login?factor.type=password&factor.type=ott&factor.reason=missing&factor.reason=missing"))
     		// @formatter:on
     }
 
@@ -101,7 +101,7 @@ class MultipleAuthorizationRulesConfigurationTests {
         // @formatter:off
         this.mockMvc!!.perform(MockMvcRequestBuilders.get("/"))
         .andExpect(MockMvcResultMatchers.status().is3xxRedirection())
-        .andExpect(MockMvcResultMatchers.redirectedUrl("http://localhost/login"))
+        .andExpect(MockMvcResultMatchers.redirectedUrl("/login"))
     		// @formatter:on
     }
 

docs/src/test/kotlin/org/springframework/security/kt/docs/servlet/authentication/programmaticmfa/AdminMfaAuthorizationManagerConfigurationTests.kt

@@ -55,7 +55,7 @@ class AdminMfaAuthorizationManagerConfigurationTests {
         // @formatter:off
         this.mockMvc!!.perform(get("/"))
             .andExpect(status().is3xxRedirection())
-            .andExpect(redirectedUrl("http://localhost/login?factor.type=ott&factor.type=password&factor.reason=missing&factor.reason=missing"))
+            .andExpect(redirectedUrl("/login?factor.type=ott&factor.type=password&factor.reason=missing&factor.reason=missing"))
         // @formatter:on
     }
 

docs/src/test/kotlin/org/springframework/security/kt/docs/servlet/authentication/reauthentication/ReauthenticationTests.kt

@@ -68,7 +68,7 @@ class ReauthenticationTests {
         // @formatter:off
         this.mockMvc!!.perform(MockMvcRequestBuilders.get("/profile"))
         .andExpect(MockMvcResultMatchers.status().is3xxRedirection())
-        .andExpect(MockMvcResultMatchers.redirectedUrl("http://localhost/login?factor.type=ott&factor.reason=missing"))
+        .andExpect(MockMvcResultMatchers.redirectedUrl("/login?factor.type=ott&factor.reason=missing"))
     		// @formatter:on
     }
 

docs/src/test/kotlin/org/springframework/security/kt/docs/servlet/authentication/selectivemfa/SelectiveMfaConfigurationTests.kt

@@ -56,7 +56,7 @@ class SelectiveMfaConfigurationTests {
         // @formatter:off
         this.mockMvc!!.perform(MockMvcRequestBuilders.get("/admin/"))
         .andExpect(MockMvcResultMatchers.status().is3xxRedirection())
-        .andExpect(MockMvcResultMatchers.redirectedUrlPattern("http://localhost/login?*"))
+        .andExpect(MockMvcResultMatchers.redirectedUrlPattern("/login?*"))
     		// @formatter:on
     }
 
@@ -86,7 +86,7 @@ class SelectiveMfaConfigurationTests {
         // @formatter:off
         this.mockMvc!!.perform(MockMvcRequestBuilders.get("/admin/"))
         .andExpect(MockMvcResultMatchers.status().is3xxRedirection())
-        .andExpect(MockMvcResultMatchers.redirectedUrl("http://localhost/login?factor.type=ott&factor.reason=missing"))
+        .andExpect(MockMvcResultMatchers.redirectedUrl("/login?factor.type=ott&factor.reason=missing"))
     		// @formatter:on
     }
 
@@ -100,7 +100,7 @@ class SelectiveMfaConfigurationTests {
         // @formatter:off
         this.mockMvc!!.perform(MockMvcRequestBuilders.get("/user/settings/"))
         .andExpect(MockMvcResultMatchers.status().is3xxRedirection())
-        .andExpect(MockMvcResultMatchers.redirectedUrlPattern("http://localhost/login?*"))
+        .andExpect(MockMvcResultMatchers.redirectedUrlPattern("/login?*"))
     		// @formatter:on
     }
 

docs/src/test/kotlin/org/springframework/security/kt/docs/servlet/authentication/validduration/ValidDurationConfigurationTests.kt

@@ -60,7 +60,7 @@ class ValidDurationConfigurationTests {
         // @formatter:off
         this.mockMvc!!.perform(MockMvcRequestBuilders.get("/admin/").with(admin(Duration.ofMinutes(31))))
             .andExpect(MockMvcResultMatchers.status().is3xxRedirection())
-            .andExpect(MockMvcResultMatchers.redirectedUrlPattern("http://localhost/login?*"))
+            .andExpect(MockMvcResultMatchers.redirectedUrlPattern("/login?*"))
         // @formatter:on
     }
 
@@ -85,7 +85,7 @@ class ValidDurationConfigurationTests {
         // @formatter:off
         this.mockMvc!!.perform(MockMvcRequestBuilders.get("/user/settings").with(user(Duration.ofMinutes(61))))
             .andExpect(MockMvcResultMatchers.status().is3xxRedirection())
-            .andExpect(MockMvcResultMatchers.redirectedUrlPattern("http://localhost/login?*"))
+            .andExpect(MockMvcResultMatchers.redirectedUrlPattern("/login?*"))
         // @formatter:on
     }
 

web/src/main/java/org/springframework/security/web/authentication/LoginUrlAuthenticationEntryPoint.java

@@ -85,7 +85,7 @@ public class LoginUrlAuthenticationEntryPoint implements AuthenticationEntryPoin
 
 	private boolean useForward = false;
 
-	private boolean favorRelativeUris = false;
+	private boolean favorRelativeUris = true;
 
 	private final RedirectStrategy redirectStrategy = new DefaultRedirectStrategy();
 

web/src/test/java/org/springframework/security/web/authentication/LoginUrlAuthenticationEntryPointTests.java

@@ -105,6 +105,7 @@ public class LoginUrlAuthenticationEntryPointTests {
 			.build();
 		MockHttpServletResponse response = new MockHttpServletResponse();
 		LoginUrlAuthenticationEntryPoint ep = new LoginUrlAuthenticationEntryPoint("/hello");
+		ep.setFavorRelativeUris(false);
 		ep.setPortMapper(new PortMapperImpl());
 		ep.setForceHttps(true);
 		ep.setPortMapper(new PortMapperImpl());
@@ -130,12 +131,13 @@ public class LoginUrlAuthenticationEntryPointTests {
 		MockHttpServletRequest request = get().requestUri("/bigWebApp", "/some_path", null).build();
 		MockHttpServletResponse response = new MockHttpServletResponse();
 		ep.commence(request, response, null);
-		assertThat(response.getRedirectedUrl()).isEqualTo("http://localhost/bigWebApp/hello");
+		assertThat(response.getRedirectedUrl()).isEqualTo("/bigWebApp/hello");
 	}
 
 	@Test
 	public void testOperationWhenHttpsRequestsButHttpsPortUnknown() throws Exception {
 		LoginUrlAuthenticationEntryPoint ep = new LoginUrlAuthenticationEntryPoint("/hello");
+		ep.setFavorRelativeUris(false);
 		ep.setForceHttps(true);
 		ep.afterPropertiesSet();
 		MockHttpServletRequest request = get("http://localhost:8888").requestUri("/bigWebApp", "/some_path", null)