|
|
@@ -22,9 +22,11 @@ import javax.servlet.http.HttpServletRequest;
|
|
|
|
|
|
import org.springframework.security.Authentication;
|
|
|
import org.springframework.security.ui.savedrequest.SavedRequest;
|
|
|
+import org.springframework.security.util.UrlUtils;
|
|
|
import org.springframework.util.Assert;
|
|
|
import org.springframework.util.StringUtils;
|
|
|
|
|
|
+
|
|
|
/**
|
|
|
* Default implementation for {@link TargetUrlResolver}
|
|
|
* <p>
|
|
|
@@ -46,11 +48,10 @@ public class TargetUrlResolverImpl implements TargetUrlResolver {
|
|
|
/**
|
|
|
* If <code>true</code>, will only use <code>SavedRequest</code> to determine the target URL on successful
|
|
|
* authentication if the request that caused the authentication request was a GET.
|
|
|
- * It will return null for a POST/PUT request.
|
|
|
- * In most cases it's meaningless to redirect to a URL generated by a POST/PUT request.
|
|
|
- * Defaults to true.
|
|
|
+ * It will then return null for a POST/PUT request.
|
|
|
+ * Defaults to false.
|
|
|
*/
|
|
|
- private boolean justUseSavedRequestOnGet = true;
|
|
|
+ private boolean justUseSavedRequestOnGet = false;
|
|
|
|
|
|
/* (non-Javadoc)
|
|
|
* @see org.acegisecurity.ui.TargetUrlResolver#determineTargetUrl(org.acegisecurity.ui.savedrequest.SavedRequest, javax.servlet.http.HttpServletRequest, org.acegisecurity.Authentication)
|
|
|
@@ -71,6 +72,9 @@ public class TargetUrlResolverImpl implements TargetUrlResolver {
|
|
|
if (savedRequest != null) {
|
|
|
if (!justUseSavedRequestOnGet || savedRequest.getMethod().equals("GET")) {
|
|
|
targetUrl = savedRequest.getFullRequestUrl();
|
|
|
+ } else {
|
|
|
+ // SavedRequest not used
|
|
|
+ UrlUtils.clearSavedRequest(currentRequest);
|
|
|
}
|
|
|
}
|
|
|
|
Luke Taylor