Throw exception if URL does not include context path when context relative

Issue: gh-8399
6 years ago · f08ca4e688
2 changed files with 3 additions and 5 deletions
--- a/web/src/main/java/org/springframework/security/web/DefaultRedirectStrategy.java
+++ b/web/src/main/java/org/springframework/security/web/DefaultRedirectStrategy.java
@ -74,7 +74,7 @@ public class DefaultRedirectStrategy implements RedirectStrategy {
				@@ -74,7 +74,7 @@ public class DefaultRedirectStrategy implements RedirectStrategy {
 		}

 		if (!url.contains(contextPath)) {
-			return "";
+			throw new IllegalArgumentException("The fully qualified URL does not include context path.");
 		}

 		// Calculate the relative URL from the fully qualified URL, minus the last
--- a/web/src/test/java/org/springframework/security/web/DefaultRedirectStrategyTests.java
+++ b/web/src/test/java/org/springframework/security/web/DefaultRedirectStrategyTests.java
@ -57,8 +57,8 @@ public class DefaultRedirectStrategyTests {
				@@ -57,8 +57,8 @@ public class DefaultRedirectStrategyTests {
 		assertThat(response.getRedirectedUrl()).isEqualTo("remainder");
 	}

-	@Test
-	public void contextRelativeShouldRedirectToRootIfURLDoesNotContainContextPath()
+	@Test(expected = IllegalArgumentException.class)
+	public void contextRelativeShouldThrowExceptionIfURLDoesNotContainContextPath()
 		throws Exception {
 		DefaultRedirectStrategy rds = new DefaultRedirectStrategy();
 		rds.setContextRelative(true);
@ -68,7 +68,5 @@ public class DefaultRedirectStrategyTests {
				@@ -68,7 +68,5 @@ public class DefaultRedirectStrategyTests {

 		rds.sendRedirect(request, response,
 			"https://redirectme.somewhere.else");
-
-		assertThat(response.getRedirectedUrl()).isEqualTo("");
 	}
 }