Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Already on GitHub? Sign in to your account

SEC-1980: Misleading warning about incorrect redirect URL #2204

spring-issuemaster opened this Issue Jun 25, 2012 · 1 comment


None yet
2 participants

Harald Wellmann (Migrated from SEC-1980) said:

We've started using SpEL expressions to avoid duplicating URL patterns between security.xml and our MVC controller mappings.



Now we keep seeing spurious warnings like

FailFastProblemReporter - Configuration problem: #{ T(com.acme.Sitemap).AUTH_ERROR} is not a valid redirect URL (must start with '/' or http(s))

This appears to be caused by WebConfigUtils.validateHttpRedirect() which checks for a '$' placeholder character but not for a '#' SpEL character.

Rob Winch said:

Thank you for reporting this issue. I have pushed a fix to master.

@spring-issuemaster spring-issuemaster added this to the 3.1.2 milestone Feb 5, 2016

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment