SEC-1803: Add check in AbstractAuthenticationTargetUrlRequestHandler for null targetUrlParameter before attempting to read it from the request. Prevents NPE when targetUrlParameter is not set.
This commit is contained in:
@@ -83,7 +83,11 @@ public abstract class AbstractAuthenticationTargetUrlRequestHandler {
|
||||
}
|
||||
|
||||
// Check for the parameter and use that if available
|
||||
String targetUrl = request.getParameter(targetUrlParameter);
|
||||
String targetUrl = null;
|
||||
|
||||
if (targetUrlParameter != null) {
|
||||
targetUrl = request.getParameter(targetUrlParameter);
|
||||
}
|
||||
|
||||
if (StringUtils.hasText(targetUrl)) {
|
||||
try {
|
||||
|
||||
Reference in New Issue
Block a user