SEC-1648: Added a useTargetUrlparameter property to AbstractAuthenticationTargetUrlRequestHandler which defaults to false.
This ensures that users will think about the context in which they are enabling the use of a parameter to determine the redirect location.
This commit is contained in:
@@ -44,6 +44,7 @@ public class SimpleUrlAuthenticationSuccessHandlerTests {
|
||||
@Test
|
||||
public void targetUrlParameterIsUsedIfPresent() throws Exception {
|
||||
SimpleUrlAuthenticationSuccessHandler ash = new SimpleUrlAuthenticationSuccessHandler("/defaultTarget");
|
||||
ash.setUseTargetUrlparameter(true);
|
||||
ash.setTargetUrlParameter("targetUrl");
|
||||
MockHttpServletRequest request = new MockHttpServletRequest();
|
||||
MockHttpServletResponse response = new MockHttpServletResponse();
|
||||
|
||||
Reference in New Issue
Block a user