// Encode the redirect target through the servlet response, then check the
// encoded value against the current request before it is used.
String encoded = response.encodeRedirectURL(uri);
try {
    UrlUtil.validateUrl(encoded, request);
} catch (IOException e) {
    // The only call in the try block is validateUrl, so an IOException here
    // means the URL was rejected. The value is passed through
    // StringUtil.sanitize before it reaches the log message
    // (presumably to keep request-controlled characters out of the log; confirm).
    LOG.error("SECURITY FAILURE Bad redirect location: " + StringUtil.sanitize(encoded), e);
/**
 * Returns the URL key for this object.
 *
 * <p>When the stored key is {@code null} or blank and a name is available, the key
 * is derived from the name via {@code UrlUtil.generateUrlKey}. Otherwise the stored
 * key is returned unchanged, which may itself be {@code null} or blank when no name
 * is set.
 *
 * @return the stored key, or a key generated from the name
 */
@Override
public String getUrlKey() {
    final boolean keyMissing = urlKey == null || urlKey.trim().isEmpty();
    if (keyMissing && name != null) {
        // No usable explicit key: fall back to one generated from the name.
        return UrlUtil.generateUrlKey(name);
    }
    return urlKey;
}
// Build the redirect target from the handler's new URL and the context path,
// then pass it through fixQueryString together with the current request.
String url = UrlUtil.fixRedirectUrl(contextPath, handler.getNewURL());
url = fixQueryString(request, url);
// Extension hook invoked with the final URL before any redirect is issued.
// NOTE(review): no UrlUtil.validateUrl call is visible in this excerpt; confirm
// the target is validated (or comes from trusted configuration) before redirecting.
extensionManager.getProxy().processPreRedirect(request, response, url);
// Redirect the client to the handler's URL after it has been adjusted for the
// context path; the caller receives null because the response is already handled.
// NOTE(review): no UrlUtil.validateUrl call is visible here before the redirect;
// confirm handler.getUrl() is trusted or validated upstream.
response.sendRedirect(UrlUtil.fixRedirectUrl(contextPath, handler.getUrl()));
return null;
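/**
 * Completes a logout by invalidating the session and redirecting to the logout target.
 *
 * <p>The target comes from {@code determineTargetUrl}; the query string of the logout
 * request, if any, is appended to it. Because that query string is request-controlled,
 * the combined URL is checked with {@code UrlUtil.validateUrl} before the redirect is
 * sent. A rejected URL produces a 403 and no redirect.
 *
 * <p>If the response is already committed, the method returns without redirecting and
 * without touching the session, as the original implementation did.
 *
 * @param request the logout request
 * @param response the response used for the redirect or the 403
 * @param authentication the authentication that was logged out (unused here)
 * @throws IOException if sending the redirect or the error fails
 * @throws ServletException declared by the overridden method
 */
@Override
public void onLogoutSuccess(HttpServletRequest request, HttpServletResponse response, Authentication authentication)
        throws IOException, ServletException {
    String targetUrl = determineTargetUrl(request, response);

    if (response.isCommitted()) {
        logger.debug("Response has already been committed. Unable to redirect to " + StringUtil.sanitize(targetUrl));
        return;
    }

    String queryString = request.getQueryString();
    if (!StringUtils.isEmpty(queryString)) {
        // Use '&' when the target already carries a query, so the result never holds two '?'.
        String separator = targetUrl.indexOf('?') >= 0 ? "&" : "?";
        targetUrl += separator + queryString;
    }

    // getSession(false) avoids creating a fresh session only to invalidate it.
    if (request.getSession(false) != null) {
        request.getSession(false).invalidate();
    }

    try {
        // The appended query string is request-controlled, so validate the final URL, not just the base.
        UrlUtil.validateUrl(targetUrl, request);
    } catch (IOException e) {
        // Log only the sanitized value; the raw URL may contain request-supplied characters.
        logger.error("SECURITY FAILURE Bad redirect location: " + StringUtil.sanitize(targetUrl), e);
        response.sendError(403);
        return;
    }

    getRedirectStrategy().sendRedirect(request, response, targetUrl);
}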
// Server-side forward to the handler's new URL; no redirect is sent to the client in this branch.
    request.getRequestDispatcher(handler.getNewURL()).forward(request, response);
} else if (URLRedirectType.REDIRECT_PERM == handler.getUrlRedirectType()) {
    // Permanent redirect: status 301 plus "Connection: close".
    String url = UrlUtil.fixRedirectUrl(contextPath, handler.getNewURL());
    url = fixQueryString(request, url);
    response.setStatus(HttpServletResponse.SC_MOVED_PERMANENTLY);
    // NOTE(review): in the visible lines `url` is computed but never written to a
    // Location header; confirm it is set outside this excerpt.
    response.setHeader( "Connection", "close" );
} else if (URLRedirectType.REDIRECT_TEMP == handler.getUrlRedirectType()) {
    // Temporary redirect issued through sendRedirect.
    String url = UrlUtil.fixRedirectUrl(contextPath, handler.getNewURL());
    url = fixQueryString(request, url);
    // NOTE(review): no UrlUtil.validateUrl call is visible before this redirect; confirm
    // the handler URL and the query string added by fixQueryString are validated or trusted.
    response.sendRedirect(url);
// Check the redirect target against the current request before it is used.
    UrlUtil.validateUrl(targetUrl, request);
} catch (IOException e) {
    // A rejected target is logged with the URL passed through StringUtil.sanitize;
    // how the failure is answered lies outside this excerpt.
    logger.error("SECURITY FAILURE Bad redirect location: " + StringUtil.sanitize(targetUrl), e);