From 700fa9e0b62a86872ef02bdd24aca04c84eeaa27 Mon Sep 17 00:00:00 2001
From: Luke Taylor <luke.taylor@springsource.com>
Date: Wed, 13 Jul 2011 22:13:52 +0100
Subject: [PATCH] SEC-1772: remote URL decoding of targetUrlParameter in
 AbstractAuthenticationTargetUrlRequestHandler.

---
 .../AbstractAuthenticationTargetUrlRequestHandler.java      | 6 ------
 1 file changed, 6 deletions(-)

diff --git a/web/src/main/java/org/springframework/security/web/authentication/AbstractAuthenticationTargetUrlRequestHandler.java b/web/src/main/java/org/springframework/security/web/authentication/AbstractAuthenticationTargetUrlRequestHandler.java
index aada4ae597..a5e5c4e8b7 100644
--- a/web/src/main/java/org/springframework/security/web/authentication/AbstractAuthenticationTargetUrlRequestHandler.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/AbstractAuthenticationTargetUrlRequestHandler.java
@@ -91,12 +91,6 @@ public abstract class AbstractAuthenticationTargetUrlRequestHandler {
             targetUrl = request.getParameter(targetUrlParameter);
 
             if (StringUtils.hasText(targetUrl)) {
-                try {
-                    targetUrl = URLDecoder.decode(targetUrl, "UTF-8");
-                } catch (UnsupportedEncodingException e) {
-                    throw new IllegalStateException("UTF-8 not supported. Shouldn't be possible");
-                }
-
                 logger.debug("Found targetUrlParameter in request: " + targetUrl);
 
                 return targetUrl;