diff --git a/core/src/main/java/org/acegisecurity/securechannel/RetryWithHttpEntryPoint.java b/core/src/main/java/org/acegisecurity/securechannel/RetryWithHttpEntryPoint.java index 0d31800bf9..da7647842c 100644 --- a/core/src/main/java/org/acegisecurity/securechannel/RetryWithHttpEntryPoint.java +++ b/core/src/main/java/org/acegisecurity/securechannel/RetryWithHttpEntryPoint.java @@ -117,6 +117,7 @@ public class RetryWithHttpEntryPoint implements InitializingBean, logger.debug("Redirecting to: " + redirectUrl); } - ((HttpServletResponse) response).sendRedirect(redirectUrl); + ((HttpServletResponse) response).sendRedirect(((HttpServletResponse) response) + .encodeRedirectURL(redirectUrl)); } } diff --git a/core/src/main/java/org/acegisecurity/securechannel/RetryWithHttpsEntryPoint.java b/core/src/main/java/org/acegisecurity/securechannel/RetryWithHttpsEntryPoint.java index dff19c8db9..71127d6468 100644 --- a/core/src/main/java/org/acegisecurity/securechannel/RetryWithHttpsEntryPoint.java +++ b/core/src/main/java/org/acegisecurity/securechannel/RetryWithHttpsEntryPoint.java @@ -117,6 +117,7 @@ public class RetryWithHttpsEntryPoint implements InitializingBean, logger.debug("Redirecting to: " + redirectUrl); } - ((HttpServletResponse) response).sendRedirect(redirectUrl); + ((HttpServletResponse) response).sendRedirect(((HttpServletResponse) response) + .encodeRedirectURL(redirectUrl)); } } diff --git a/core/src/main/java/org/acegisecurity/ui/AbstractProcessingFilter.java b/core/src/main/java/org/acegisecurity/ui/AbstractProcessingFilter.java index 3cc52f279b..ac4da26cb3 100644 --- a/core/src/main/java/org/acegisecurity/ui/AbstractProcessingFilter.java +++ b/core/src/main/java/org/acegisecurity/ui/AbstractProcessingFilter.java @@ -224,8 +224,8 @@ public abstract class AbstractProcessingFilter implements Filter, failed); httpRequest.getSession().setAttribute(HttpSessionIntegrationFilter.ACEGI_SECURITY_AUTHENTICATION_KEY, null); - httpResponse.sendRedirect(httpRequest.getContextPath() - + authenticationFailureUrl); + httpResponse.sendRedirect(httpResponse.encodeRedirectURL(httpRequest + .getContextPath() + authenticationFailureUrl)); return; } @@ -252,7 +252,7 @@ public abstract class AbstractProcessingFilter implements Filter, + targetUrl); } - httpResponse.sendRedirect(targetUrl); + httpResponse.sendRedirect(httpResponse.encodeRedirectURL(targetUrl)); return; } diff --git a/core/src/main/java/org/acegisecurity/ui/webapp/AuthenticationProcessingFilterEntryPoint.java b/core/src/main/java/org/acegisecurity/ui/webapp/AuthenticationProcessingFilterEntryPoint.java index 9ab40f45be..b5d8d9ee09 100644 --- a/core/src/main/java/org/acegisecurity/ui/webapp/AuthenticationProcessingFilterEntryPoint.java +++ b/core/src/main/java/org/acegisecurity/ui/webapp/AuthenticationProcessingFilterEntryPoint.java @@ -176,6 +176,7 @@ public class AuthenticationProcessingFilterEntryPoint logger.debug("Redirecting to: " + redirectUrl); } - ((HttpServletResponse) response).sendRedirect(redirectUrl); + ((HttpServletResponse) response).sendRedirect(((HttpServletResponse) response) + .encodeRedirectURL(redirectUrl)); } } diff --git a/core/src/test/java/org/acegisecurity/MockHttpServletResponse.java b/core/src/test/java/org/acegisecurity/MockHttpServletResponse.java index 3112c05ebc..890c91e448 100644 --- a/core/src/test/java/org/acegisecurity/MockHttpServletResponse.java +++ b/core/src/test/java/org/acegisecurity/MockHttpServletResponse.java @@ -146,7 +146,7 @@ public class MockHttpServletResponse implements HttpServletResponse { } public String encodeRedirectURL(String arg0) { - throw new UnsupportedOperationException("mock method not implemented"); + return arg0; } public String encodeRedirectUrl(String arg0) {