Skip to content

Commit

Permalink
SEC-1790: Disable use of spring-security-redirect by default for Simp…
Browse files Browse the repository at this point in the history
…leUrlLogoutSuccesshandler.
  • Loading branch information
tekul committed Aug 5, 2011
1 parent 5238ba0 commit a087e82
Show file tree
Hide file tree
Showing 2 changed files with 9 additions and 3 deletions.
Original file line number Diff line number Diff line change
Expand Up @@ -30,8 +30,8 @@
* will be used for the destination.
* </li>
* <li>
* If a parameter matching the <tt>targetUrlParameter</tt> has been set on the request, the value will be used as
* the destination.
* If a parameter matching the value of <tt>targetUrlParameter</tt> has been set on the request, the value will be used
* as the destination. By default this has the value "spring-security-redirect".
* </li>
* <li>
* If the <tt>useReferer</tt> property is set, the "Referer" HTTP header value will be used, if present.
Expand Down Expand Up @@ -154,7 +154,9 @@ protected boolean isAlwaysUseDefaultTargetUrl() {
* to "spring-security-redirect".
*/
public void setTargetUrlParameter(String targetUrlParameter) {
Assert.hasText(targetUrlParameter, "targetUrlParameter cannot be null or empty");
if (!StringUtils.hasText(targetUrlParameter)) {
targetUrlParameter = null;
}
this.targetUrlParameter = targetUrlParameter;
}

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -19,6 +19,10 @@
public class SimpleUrlLogoutSuccessHandler extends AbstractAuthenticationTargetUrlRequestHandler
implements LogoutSuccessHandler {

public SimpleUrlLogoutSuccessHandler() {
super.setTargetUrlParameter(null);
}

public void onLogoutSuccess(HttpServletRequest request, HttpServletResponse response, Authentication authentication)
throws IOException, ServletException {
super.handle(request, response, authentication);
Expand Down

0 comments on commit a087e82

Please sign in to comment.