Improve HTTP redirect URL encoding.

2026-05-22 13:23:17 +00:00 · 2004-05-26 22:17:14 +00:00
parent d5c14142d1
commit 0cbea9b452
5 changed files with 10 additions and 7 deletions
@@ -117,6 +117,7 @@ public class RetryWithHttpEntryPoint implements InitializingBean,
            logger.debug("Redirecting to: " + redirectUrl);
        }

-        ((HttpServletResponse) response).sendRedirect(redirectUrl);
+        ((HttpServletResponse) response).sendRedirect(((HttpServletResponse) response)
+            .encodeRedirectURL(redirectUrl));
    }
 }
@@ -117,6 +117,7 @@ public class RetryWithHttpsEntryPoint implements InitializingBean,
            logger.debug("Redirecting to: " + redirectUrl);
        }

-        ((HttpServletResponse) response).sendRedirect(redirectUrl);
+        ((HttpServletResponse) response).sendRedirect(((HttpServletResponse) response)
+            .encodeRedirectURL(redirectUrl));
    }
 }
@@ -224,8 +224,8 @@ public abstract class AbstractProcessingFilter implements Filter,
                    failed);
                httpRequest.getSession().setAttribute(HttpSessionIntegrationFilter.ACEGI_SECURITY_AUTHENTICATION_KEY,
                    null);
-                httpResponse.sendRedirect(httpRequest.getContextPath()
-                    + authenticationFailureUrl);
+                httpResponse.sendRedirect(httpResponse.encodeRedirectURL(httpRequest
+                        .getContextPath() + authenticationFailureUrl));

                return;
            }
@@ -252,7 +252,7 @@ public abstract class AbstractProcessingFilter implements Filter,
                    + targetUrl);
            }

-            httpResponse.sendRedirect(targetUrl);
+            httpResponse.sendRedirect(httpResponse.encodeRedirectURL(targetUrl));

            return;
        }
@@ -176,6 +176,7 @@ public class AuthenticationProcessingFilterEntryPoint
            logger.debug("Redirecting to: " + redirectUrl);
        }

-        ((HttpServletResponse) response).sendRedirect(redirectUrl);
+        ((HttpServletResponse) response).sendRedirect(((HttpServletResponse) response)
+            .encodeRedirectURL(redirectUrl));
    }
 }
@@ -146,7 +146,7 @@ public class MockHttpServletResponse implements HttpServletResponse {
    }

    public String encodeRedirectURL(String arg0) {
-        throw new UnsupportedOperationException("mock method not implemented");
+        return arg0;
    }

    public String encodeRedirectUrl(String arg0) {