String encoded = response.encodeRedirectURL(uri); try { UrlUtil.validateUrl(encoded, request); } catch (IOException e) { LOG.error("SECURITY FAILURE Bad redirect location: " + StringUtil.sanitize(encoded), e);
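/**
 * Completes a logout by redirecting the browser to the post-logout location.
 *
 * <p>The target comes from {@code determineTargetUrl}; the logout request's own
 * query string is carried over onto it. The current session, if one exists, is
 * invalidated before anything is written. The fully assembled location is checked
 * with {@link UrlUtil#validateUrl} before the redirect is issued; a location that
 * fails that check is logged as a security failure and answered with 403 instead
 * of a redirect.
 *
 * @param request        the logout request
 * @param response       the response the redirect is written to
 * @param authentication the authentication being logged out; not used by this handler
 * @throws IOException      if the redirect or the error response cannot be written
 * @throws ServletException as declared by the overridden method
 */
@Override
public void onLogoutSuccess(HttpServletRequest request, HttpServletResponse response,
        Authentication authentication) throws IOException, ServletException {
    String targetUrl = determineTargetUrl(request, response);

    // End the session whether or not a redirect can still be sent: a logout must
    // not leave the session alive just because the response was already committed.
    // getSession(false) avoids creating a fresh session only to tear it down again.
    if (request.getSession(false) != null) {
        request.getSession(false).invalidate();
    }

    if (response.isCommitted()) {
        logger.debug("Response has already been committed. Unable to redirect to "
                + StringUtil.sanitize(targetUrl));
        return;
    }

    // Carry the logout request's query string over to the target, joining with '&'
    // when the target already has a query component so the result stays well-formed.
    String queryString = request.getQueryString();
    if (!StringUtils.isEmpty(queryString)) {
        targetUrl += (targetUrl.indexOf('?') >= 0 ? "&" : "?") + queryString;
    }

    // Validate the final location, query string included, so nothing appended
    // above can escape the check.
    try {
        UrlUtil.validateUrl(targetUrl, request);
    } catch (IOException e) {
        logger.error("SECURITY FAILURE Bad redirect location: " + StringUtil.sanitize(targetUrl), e);
        response.sendError(HttpServletResponse.SC_FORBIDDEN);
        return;
    }
    getRedirectStrategy().sendRedirect(request, response, targetUrl);
}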
UrlUtil.validateUrl(targetUrl, request); } catch (IOException e) { logger.error("SECURITY FAILURE Bad redirect location: " + StringUtil.sanitize(targetUrl), e);