[gatein-commits] gatein SVN: r8055 - portal/trunk/component/web/security/src/main/java/org/exoplatform/web/login.

do-not-reply at jboss.org do-not-reply at jboss.org
Mon Nov 14 14:19:40 EST 2011


Author: mwringe
Date: 2011-11-14 14:19:40 -0500 (Mon, 14 Nov 2011)
New Revision: 8055

Modified:
   portal/trunk/component/web/security/src/main/java/org/exoplatform/web/login/DoLoginServlet.java
Log:
GTNPORTAL-2269: only allow initial URI login redirects to locations on the same server.

Modified: portal/trunk/component/web/security/src/main/java/org/exoplatform/web/login/DoLoginServlet.java
===================================================================
--- portal/trunk/component/web/security/src/main/java/org/exoplatform/web/login/DoLoginServlet.java	2011-11-14 11:04:23 UTC (rev 8054)
+++ portal/trunk/component/web/security/src/main/java/org/exoplatform/web/login/DoLoginServlet.java	2011-11-14 19:19:40 UTC (rev 8055)
@@ -27,6 +27,8 @@
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 import java.io.IOException;
+import java.net.URI;
+import java.net.URISyntaxException;
 
 /**
  * @author <a href="mailto:julien.viet at exoplatform.com">Julien Viet</a>
@@ -42,11 +44,27 @@
    {
       String initialURI = req.getParameter("initialURI");
       log.debug("Performing the do login send redirect with initialURI=" + initialURI + " and remoteUser=" + req.getRemoteUser());
+ 
       if (initialURI == null || initialURI.length() == 0)
       {
          initialURI = req.getContextPath();
       }
 
+      try
+      {
+         URI uri = new URI(initialURI);
+         if (uri.isAbsolute() && !(uri.getHost().equals(req.getServerName())))
+         {
+            log.warn("Cannot redirect to an URI outside of the current host when using a login redirect. Redirecting to the portal context path instead.");
+            initialURI = req.getContextPath();
+         }
+      }
+      catch (URISyntaxException e)
+      {
+         log.warn("Initial URI in login link is malformed. Redirecting to the portal context path instead.");
+         initialURI = req.getContextPath();
+      }
+
       //
       resp.sendRedirect(resp.encodeRedirectURL(initialURI));
    }
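Review bot: The new check at `if (uri.isAbsolute() && !(uri.getHost().equals(req.getServerName())))` dereferences `uri.getHost()` without a null check, and `java.net.URI` returns null for the host of an absolute URI that has no authority (an opaque URI such as a `mailto:` link), so that input raises a NullPointerException instead of falling back to the context path. A scheme-relative value such as `//other-host/path` is also not covered, because `isAbsolute()` is false when no scheme is present while the redirect line still passes it through; browsers resolve such a location against the other host, so the same-server intent of the commit is not met for that form. Both cases are closed by comparing against the authority as well and treating a missing host as external: `String host = uri.getHost();` / `if ((uri.isAbsolute() || uri.getAuthority() != null) && (host == null || !host.equalsIgnoreCase(req.getServerName())))`, where `equalsIgnoreCase` also allows for the case-insensitivity of host names. The method's signature lies above the hunk; its closing brace is the last line shown.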


