GitHub-Spring
/
spring-security
mirror of https://github.com/spring-projects/spring-security.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
Browse Source

SEC-1803: Add check in AbstractAuthenticationTargetUrlRequestHandler for null targetUrlParameter before attempting to read it from the request. Prevents NPE when targetUrlParameter is not set.

3.0.x
Luke Taylor 15 years ago
parent
102027a44c
commit
ee74c4ced2
1 changed files with 5 additions and 1 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 6
      web/src/main/java/org/springframework/security/web/authentication/AbstractAuthenticationTargetUrlRequestHandler.java

6
web/src/main/java/org/springframework/security/web/authentication/AbstractAuthenticationTargetUrlRequestHandler.java
Unescape View File

@ -83,7 +83,11 @@ public abstract class AbstractAuthenticationTargetUrlRequestHandler { @@ -83,7 +83,11 @@ public abstract class AbstractAuthenticationTargetUrlRequestHandler {
}
// Check for the parameter and use that if available
String targetUrl = request.getParameter(targetUrlParameter);
String targetUrl = null;
if (targetUrlParameter != null) {
targetUrl = request.getParameter(targetUrlParameter);
}
if (StringUtils.hasText(targetUrl)) {
try {

Write Preview
Loading…
Cancel
Save