SEC-1247: AbstractProcessingFilter, successfulAuthentication() redirects to targetUrl without consulting alwaysUseDefaultTargetUrl. #1496

Closed
spring-issuemaster opened this Issue Sep 15, 2009 · 0 comments

1 participant

@spring-issuemaster

AnirudhPrabhudesai (Migrated from SEC-1247) said:

AbstractProcessingFilter, successfulAuthentication() redirects to targetUrl without consulting alwaysUseDefaultTargetUrl.

sendRedirect(request, response, targetUrl);

should be changed to

if (alwaysUseDefaultTargetUrl){
sendRedirect(request, response, targetUrl);
}

@spring-issuemaster spring-issuemaster added this to the 3.0.0 RC1 milestone Feb 5, 2016
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment