
SEC-1255: Modified UrlUtils. Full request URL for redirects uses the requestURI (which is encoded). The URL for path comparisons is built using the servletpath, as before.

Luke Taylor
2009-10-02 17:29:43 +00:00
parent df9e2eac9e
commit 073198886d
6 changed files with 61 additions and 55 deletions
@@ -1,19 +0,0 @@
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:sec="http://www.springframework.org/schema/security"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.2.xsd">
<!-- A second APF in addition to the standard namespace one -->
<bean name="formLoginFilter2" class="org.springframework.security.web.authentication.UsernamePasswordAuthenticationProcessingFilter">
<sec:custom-filter after="AUTHENTICATION_PROCESSING_FILTER"/>
<property name="filterProcessesUrl" value="/j_spring_security_check_2"/>
</bean>
<bean name="switchUserFilter" class="org.springframework.security.web.authentication.switchuser.SwitchUserProcessingFilter">
<sec:custom-filter position="SWITCH_USER_FILTER"/>
</bean>
</beans>
@@ -0,0 +1,12 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<title>Special Chars File</title>
</head>
<body>
<p>I'm file?with?special?chars.html</p>
</body>
</html>
@@ -1,6 +1,6 @@
package org.springframework.security.integration;
import org.testng.annotations.*;
import org.testng.annotations.Test;
/**
* @author Luke Taylor
@@ -39,4 +39,12 @@ public class InMemoryProviderWebAppTests extends AbstractWebServerIntegrationTes
assertTextPresent("xcount=2");
}
// SEC-1255
@Test
public void redirectToUrlWithSpecialCharsInFilenameWorksOk() throws Exception {
beginAt("secure/file%3Fwith%3Fspecial%3Fchars.html?someArg=1");
login("jimi", "jimispassword");
assertTextPresent("I'm file?with?special?chars.html");
}
}
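Review bot: The new test `redirectToUrlWithSpecialCharsInFilenameWorksOk` begins at a URL carrying `?someArg=1` but asserts only the page body, so it would still pass if the post-login redirect dropped or altered the query string. The static fixture cannot echo the parameter, so consider also asserting on the final request URL after `login(...)`, which would pin both the still-encoded `%3F` path and the `someArg=1` query. Only `%3F` is exercised; since the commit message says path comparisons keep using the decoded servlet path while redirects use the encoded request URI, a companion case with another encoded character under `secure/` would document that the resource is still intercepted before login. The bare `// SEC-1255` comment could say this in words, e.g. `// SEC-1255: redirect after login must keep the path encoded (%3F must not turn into a query delimiter)`. The enclosing class starts outside this hunk and the UrlUtils change itself is not visible on this part of the page.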