SEC-1648: Added a useTargetUrlparameter property to AbstractAuthenticationTargetUrlRequestHandler which defaults to false.

This ensures that users will think about the context in which they are enabling the use of a parameter to determine the redirect location.
This commit is contained in:
Luke Taylor
2011-01-05 13:13:30 +00:00
parent 313fe78cc1
commit 423f9eae7a
2 changed files with 40 additions and 20 deletions

View File

@@ -44,6 +44,7 @@ public class SimpleUrlAuthenticationSuccessHandlerTests {
@Test
public void targetUrlParameterIsUsedIfPresent() throws Exception {
SimpleUrlAuthenticationSuccessHandler ash = new SimpleUrlAuthenticationSuccessHandler("/defaultTarget");
ash.setUseTargetUrlparameter(true);
ash.setTargetUrlParameter("targetUrl");
MockHttpServletRequest request = new MockHttpServletRequest();
MockHttpServletResponse response = new MockHttpServletResponse();