From 0cbea9b452ddec88d8e58ec5d8c5b9f17c3bd7b8 Mon Sep 17 00:00:00 2001
From: Ben Alex
Date: Wed, 26 May 2004 22:17:14 +0000
Subject: [PATCH] Improve HTTP redirect URL encoding.
---
 .../securechannel/RetryWithHttpEntryPoint.java | 3 ++-
 .../securechannel/RetryWithHttpsEntryPoint.java | 3 ++-
 .../java/org/acegisecurity/ui/AbstractProcessingFilter.java | 6 +++---
 .../ui/webapp/AuthenticationProcessingFilterEntryPoint.java | 3 ++-
 .../java/org/acegisecurity/MockHttpServletResponse.java | 2 +-
 5 files changed, 10 insertions(+), 7 deletions(-)
diff --git a/core/src/main/java/org/acegisecurity/securechannel/RetryWithHttpEntryPoint.java b/core/src/main/java/org/acegisecurity/securechannel/RetryWithHttpEntryPoint.java
index 0d31800bf9..da7647842c 100644
--- a/core/src/main/java/org/acegisecurity/securechannel/RetryWithHttpEntryPoint.java
+++ b/core/src/main/java/org/acegisecurity/securechannel/RetryWithHttpEntryPoint.java
@@ -117,6 +117,7 @@ public class RetryWithHttpEntryPoint implements InitializingBean,
 logger.debug("Redirecting to: " + redirectUrl);
 }
- ((HttpServletResponse) response).sendRedirect(redirectUrl);
+ ((HttpServletResponse) response).sendRedirect(((HttpServletResponse) response)
+ .encodeRedirectURL(redirectUrl));
 }
 }
diff --git a/core/src/main/java/org/acegisecurity/securechannel/RetryWithHttpsEntryPoint.java b/core/src/main/java/org/acegisecurity/securechannel/RetryWithHttpsEntryPoint.java
index dff19c8db9..71127d6468 100644
--- a/core/src/main/java/org/acegisecurity/securechannel/RetryWithHttpsEntryPoint.java
+++ b/core/src/main/java/org/acegisecurity/securechannel/RetryWithHttpsEntryPoint.java
@@ -117,6 +117,7 @@ public class RetryWithHttpsEntryPoint implements InitializingBean,
 logger.debug("Redirecting to: " + redirectUrl);
 }
- ((HttpServletResponse) response).sendRedirect(redirectUrl);
+ ((HttpServletResponse) response).sendRedirect(((HttpServletResponse) response)
+ .encodeRedirectURL(redirectUrl));
 }
 }
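Review bot: `encodeRedirectURL` is the servlet session URL-rewriting hook, not character escaping, so the redirect sent from RetryWithHttpEntryPoint may now carry `;jsessionid=…` whenever the container has not yet seen a session cookie from the client. On this entry point the target is presumably the plain-HTTP URL built earlier in the method (outside the hunk), which would put a session identifier that may have been created over HTTPS onto an unencrypted request line, and from there into proxy logs and Referer headers. I would keep the unrewritten call on the downgrade path, `((HttpServletResponse) response).sendRedirect(redirectUrl);`, or at least add a comment such as `// encodeRedirectURL may append ;jsessionid for cookie-less clients`. The same consideration applies to the RetryWithHttpsEntryPoint and AuthenticationProcessingFilterEntryPoint hunks, where the rewritten URL is also what the browser keeps in its history.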
diff --git a/core/src/main/java/org/acegisecurity/ui/AbstractProcessingFilter.java b/core/src/main/java/org/acegisecurity/ui/AbstractProcessingFilter.java
index 3cc52f279b..ac4da26cb3 100644
--- a/core/src/main/java/org/acegisecurity/ui/AbstractProcessingFilter.java
+++ b/core/src/main/java/org/acegisecurity/ui/AbstractProcessingFilter.java
@@ -224,8 +224,8 @@ public abstract class AbstractProcessingFilter implements Filter,
 failed);
 httpRequest.getSession().setAttribute(HttpSessionIntegrationFilter.ACEGI_SECURITY_AUTHENTICATION_KEY, null);
- httpResponse.sendRedirect(httpRequest.getContextPath()
- + authenticationFailureUrl);
+ httpResponse.sendRedirect(httpResponse.encodeRedirectURL(httpRequest
+ .getContextPath() + authenticationFailureUrl));
 return;
 }
@@ -252,7 +252,7 @@ public abstract class AbstractProcessingFilter implements Filter,
 + targetUrl);
 }
- httpResponse.sendRedirect(targetUrl);
+ httpResponse.sendRedirect(httpResponse.encodeRedirectURL(targetUrl));
 return;
 }
diff --git a/core/src/main/java/org/acegisecurity/ui/webapp/AuthenticationProcessingFilterEntryPoint.java b/core/src/main/java/org/acegisecurity/ui/webapp/AuthenticationProcessingFilterEntryPoint.java
index 9ab40f45be..b5d8d9ee09 100644
--- a/core/src/main/java/org/acegisecurity/ui/webapp/AuthenticationProcessingFilterEntryPoint.java
+++ b/core/src/main/java/org/acegisecurity/ui/webapp/AuthenticationProcessingFilterEntryPoint.java
@@ -176,6 +176,7 @@ public class AuthenticationProcessingFilterEntryPoint
 logger.debug("Redirecting to: " + redirectUrl);
 }
- ((HttpServletResponse) response).sendRedirect(redirectUrl);
+ ((HttpServletResponse) response).sendRedirect(((HttpServletResponse) response)
+ .encodeRedirectURL(redirectUrl));
 }
 }
diff --git a/core/src/test/java/org/acegisecurity/MockHttpServletResponse.java b/core/src/test/java/org/acegisecurity/MockHttpServletResponse.java
index 3112c05ebc..890c91e448 100644
--- a/core/src/test/java/org/acegisecurity/MockHttpServletResponse.java
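Review bot: The `targetUrl` redirect in the second AbstractProcessingFilter hunk is the first response after a successful login, and rewriting it can place the identifier of the now-authenticated session in the URL, where it persists in browser history, Referer headers and intermediary logs. Neither hunk shows the session being replaced on authentication (the failure path in the first hunk works on `httpRequest.getSession()`), so, if that also holds for the success path, the identifier a client held before login stays valid afterwards. Worth a comment above the call, e.g. `// may append ;jsessionid; deployments that require cookie-only sessions should disable URL rewriting in the container`, plus a Javadoc sentence on the filter stating that its redirects are URL-rewritten. Both enclosing blocks start outside the hunks.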
+++ b/core/src/test/java/org/acegisecurity/MockHttpServletResponse.java
@@ -146,7 +146,7 @@ public class MockHttpServletResponse implements HttpServletResponse {
 }
 public String encodeRedirectURL(String arg0) {
- throw new UnsupportedOperationException("mock method not implemented");
+ return arg0;
 }
 public String encodeRedirectUrl(String arg0) {
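Review bot: Returning `arg0` unchanged from the mock's `encodeRedirectURL` means a test sees the same redirect string whether or not production code called the method, so the behaviour this commit introduces is not pinned by any assertion. A pass-through is a reasonable default, but I would document it, e.g. `// pass-through: callers' use of encodeRedirectURL is not observable in tests`, or have the mock remember the last argument so the entry-point tests can assert on it. The sibling `encodeRedirectUrl` begins on the hunk's last line and its body is outside the hunk, so it is not visible here whether the two variants now behave consistently.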