Skip to content

Whitespace target param handling in determineTargetUrl of AbstractAuthenticationTargetUrlRequestHandler #12344

New issue
New issue
Closed
Closed
Whitespace target param handling in determineTargetUrl of AbstractAuthenticationTargetUrlRequestHandler#12344
Assignees
jzheauxdkodippily
Labels
in: webAn issue in web modules (web, webmvc)type: enhancementA general enhancement
@deeaitche

Description

@deeaitche
deeaitche
opened on Dec 6, 2022

Under below condition, the method ignoresthis.useReferer. I wonder if it is done on purpose.

  • isAlwaysUseDefaultTargetUrl() is false
  • this.targetUrlParameter is not null
  • request.getParameter(this.targetUrlParameter) is whitespace only

Would anyone help to check?

spring-security/web/src/main/java/org/springframework/security/web/authentication/AbstractAuthenticationTargetUrlRequestHandler.java

Lines 106 to 135 in 8aa7029

protected String determineTargetUrl(HttpServletRequest request, HttpServletResponse response) {
if (isAlwaysUseDefaultTargetUrl()) {
return this.defaultTargetUrl;
}
// Check for the parameter and use that if available
String targetUrl = null;
if (this.targetUrlParameter != null) {
targetUrl = request.getParameter(this.targetUrlParameter);
if (StringUtils.hasText(targetUrl)) {
if (this.logger.isTraceEnabled()) {
this.logger.trace(LogMessage.format("Using url %s from request parameter %s", targetUrl,
this.targetUrlParameter));
}
return targetUrl;
}
}
if (this.useReferer && !StringUtils.hasLength(targetUrl)) {
targetUrl = request.getHeader("Referer");
if (this.logger.isTraceEnabled()) {
this.logger.trace(LogMessage.format("Using url %s from Referer header", targetUrl));
}
}
if (!StringUtils.hasText(targetUrl)) {
targetUrl = this.defaultTargetUrl;
if (this.logger.isTraceEnabled()) {
this.logger.trace(LogMessage.format("Using default url %s", targetUrl));
}
}
return targetUrl;
}

Metadata

Metadata

Assignees

Labels

in: webAn issue in web modules (web, webmvc)type: enhancementA general enhancement

Type

No type

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions