Throw exception if URL does not include context path when context relative

yoshikawaa · yoshikawaa · commit 94d36ee88697 · 2020-05-20T10:11:35.000+09:00
Issue: gh-8399
diff --git a/web/src/main/java/org/springframework/security/web/DefaultRedirectStrategy.java b/web/src/main/java/org/springframework/security/web/DefaultRedirectStrategy.java
@@ -74,7 +74,7 @@ protected String calculateRedirectUrl(String contextPath, String url) {
 		}
 
 		if (!url.contains(contextPath)) {
-			return "";
+			throw new IllegalArgumentException("The fully qualified URL does not include context path.");
 		}
 
 		// Calculate the relative URL from the fully qualified URL, minus the last
diff --git a/web/src/test/java/org/springframework/security/web/DefaultRedirectStrategyTests.java b/web/src/test/java/org/springframework/security/web/DefaultRedirectStrategyTests.java
@@ -57,8 +57,8 @@ public void contextRelativeUrlWithMultipleSchemesInHostnameIsHandledCorrectly()
 		assertThat(response.getRedirectedUrl()).isEqualTo("remainder");
 	}
 
-	@Test
-	public void contextRelativeShouldRedirectToRootIfURLDoesNotContainContextPath()
+	@Test(expected = IllegalArgumentException.class)
+	public void contextRelativeShouldThrowExceptionIfURLDoesNotContainContextPath()
 		throws Exception {
 		DefaultRedirectStrategy rds = new DefaultRedirectStrategy();
 		rds.setContextRelative(true);
@@ -68,7 +68,5 @@ public void contextRelativeShouldRedirectToRootIfURLDoesNotContainContextPath()
 
 		rds.sendRedirect(request, response,
 			"https://redirectme.somewhere.else");
-
-		assertThat(response.getRedirectedUrl()).isEqualTo("");
 	}
 }

Original file line number	Diff line number	Diff line change
`@@ -74,7 +74,7 @@ protected String calculateRedirectUrl(String contextPath, String url) {`
`74`	`74`	`}`
`75`	`75`
`76`	`76`	`if (!url.contains(contextPath)) {`
`77`		`- return "";`
	`77`	`+ throw new IllegalArgumentException("The fully qualified URL does not include context path.");`
`78`	`78`	`}`
`79`	`79`
`80`	`80`	`// Calculate the relative URL from the fully qualified URL, minus the last`
Original file line number	Diff line number	Diff line change
`@@ -57,8 +57,8 @@ public void contextRelativeUrlWithMultipleSchemesInHostnameIsHandledCorrectly()`
`57`	`57`	`assertThat(response.getRedirectedUrl()).isEqualTo("remainder");`
`58`	`58`	`}`
`59`	`59`
`60`		`- @Test`
`61`		`- public void contextRelativeShouldRedirectToRootIfURLDoesNotContainContextPath()`
	`60`	`+ @Test(expected = IllegalArgumentException.class)`
	`61`	`+ public void contextRelativeShouldThrowExceptionIfURLDoesNotContainContextPath()`
`62`	`62`	`throws Exception {`
`63`	`63`	`DefaultRedirectStrategy rds = new DefaultRedirectStrategy();`
`64`	`64`	`rds.setContextRelative(true);`
`@@ -68,7 +68,5 @@ public void contextRelativeShouldRedirectToRootIfURLDoesNotContainContextPath()`
`68`	`68`
`69`	`69`	`rds.sendRedirect(request, response,`
`70`	`70`	`"https://redirectme.somewhere.else");`
`71`		`-`
`72`		`- assertThat(response.getRedirectedUrl()).isEqualTo("");`
`73`	`71`	`}`
`74`	`72`	`}`