登录后重定向地址不允许跳转到外部地址
This commit is contained in:
thinkgem
@@ -4,23 +4,6 @@
|
||||
*/
|
||||
package com.jeesite.common.web.http;
|
||||
|
||||
import java.io.IOException;
|
||||
import java.util.Enumeration;
|
||||
import java.util.Iterator;
|
||||
import java.util.Map;
|
||||
import java.util.Map.Entry;
|
||||
import java.util.StringTokenizer;
|
||||
import java.util.TreeMap;
|
||||
|
||||
import javax.servlet.ServletRequest;
|
||||
import javax.servlet.http.HttpServletRequest;
|
||||
import javax.servlet.http.HttpServletResponse;
|
||||
|
||||
import org.apache.commons.lang3.Validate;
|
||||
import org.springframework.http.MediaType;
|
||||
import org.springframework.web.context.request.RequestContextHolder;
|
||||
import org.springframework.web.context.request.ServletRequestAttributes;
|
||||
|
||||
import com.fasterxml.jackson.databind.util.JSONPObject;
|
||||
import com.jeesite.common.codec.EncodeUtils;
|
||||
import com.jeesite.common.collect.MapUtils;
|
||||
@@ -29,6 +12,17 @@ import com.jeesite.common.lang.ExceptionUtils;
|
||||
import com.jeesite.common.lang.StringUtils;
|
||||
import com.jeesite.common.mapper.JsonMapper;
|
||||
import com.jeesite.common.mapper.XmlMapper;
|
||||
import org.apache.commons.lang3.Validate;
|
||||
import org.springframework.http.MediaType;
|
||||
import org.springframework.web.context.request.RequestContextHolder;
|
||||
import org.springframework.web.context.request.ServletRequestAttributes;
|
||||
|
||||
import javax.servlet.ServletRequest;
|
||||
import javax.servlet.http.HttpServletRequest;
|
||||
import javax.servlet.http.HttpServletResponse;
|
||||
import java.io.IOException;
|
||||
import java.util.*;
|
||||
import java.util.Map.Entry;
|
||||
|
||||
/**
|
||||
* Http与Servlet工具类.
|
||||
@@ -387,6 +381,18 @@ public class ServletUtils {
|
||||
return null;
|
||||
}
|
||||
|
||||
/**
|
||||
* 获取请求的域名(含端口)
|
||||
*/
|
||||
public static String getRequestDomain(String url) {
|
||||
String scheme = StringUtils.substringBefore(url, "://");
|
||||
String domain = StringUtils.substringAfter(url, "://");
|
||||
if (StringUtils.contains(domain, "/")) {
|
||||
domain = StringUtils.substringBefore(domain, "/");
|
||||
}
|
||||
return scheme + "://" + domain;
|
||||
}
|
||||
|
||||
/**
|
||||
* 获得请求参数值
|
||||
*/
|
||||
|
||||
@@ -217,6 +217,13 @@ public class LoginController extends BaseController{
|
||||
if (StringUtils.isBlank(successUrl)){
|
||||
successUrl = (String)request.getAttribute("__url");
|
||||
}
|
||||
if (StringUtils.contains(successUrl, "://")){
|
||||
String domain = ServletUtils.getRequestDomain(successUrl);
|
||||
successUrl = StringUtils.substring(successUrl, domain.length());
|
||||
if (StringUtils.startsWith(successUrl, request.getContextPath())) {
|
||||
successUrl = StringUtils.substringAfter(successUrl, request.getContextPath());
|
||||
}
|
||||
}
|
||||
if (StringUtils.isBlank(successUrl)){
|
||||
successUrl = Global.getProperty("shiro.successUrl");
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user