登录后重定向地址不允许跳转到外部地址
@@ -4,23 +4,6 @@
|
|||||||
*/
|
*/
|
||||||
package com.jeesite.common.web.http;
|
package com.jeesite.common.web.http;
|
||||||
|
|
||||||
import java.io.IOException;
|
|
||||||
import java.util.Enumeration;
|
|
||||||
import java.util.Iterator;
|
|
||||||
import java.util.Map;
|
|
||||||
import java.util.Map.Entry;
|
|
||||||
import java.util.StringTokenizer;
|
|
||||||
import java.util.TreeMap;
|
|
||||||
|
|
||||||
import javax.servlet.ServletRequest;
|
|
||||||
import javax.servlet.http.HttpServletRequest;
|
|
||||||
import javax.servlet.http.HttpServletResponse;
|
|
||||||
|
|
||||||
import org.apache.commons.lang3.Validate;
|
|
||||||
import org.springframework.http.MediaType;
|
|
||||||
import org.springframework.web.context.request.RequestContextHolder;
|
|
||||||
import org.springframework.web.context.request.ServletRequestAttributes;
|
|
||||||
|
|
||||||
import com.fasterxml.jackson.databind.util.JSONPObject;
|
import com.fasterxml.jackson.databind.util.JSONPObject;
|
||||||
import com.jeesite.common.codec.EncodeUtils;
|
import com.jeesite.common.codec.EncodeUtils;
|
||||||
import com.jeesite.common.collect.MapUtils;
|
import com.jeesite.common.collect.MapUtils;
|
||||||
@@ -29,6 +12,17 @@ import com.jeesite.common.lang.ExceptionUtils;
|
|||||||
import com.jeesite.common.lang.StringUtils;
|
import com.jeesite.common.lang.StringUtils;
|
||||||
import com.jeesite.common.mapper.JsonMapper;
|
import com.jeesite.common.mapper.JsonMapper;
|
||||||
import com.jeesite.common.mapper.XmlMapper;
|
import com.jeesite.common.mapper.XmlMapper;
|
||||||
|
import org.apache.commons.lang3.Validate;
|
||||||
|
import org.springframework.http.MediaType;
|
||||||
|
import org.springframework.web.context.request.RequestContextHolder;
|
||||||
|
import org.springframework.web.context.request.ServletRequestAttributes;
|
||||||
|
|
||||||
|
import javax.servlet.ServletRequest;
|
||||||
|
import javax.servlet.http.HttpServletRequest;
|
||||||
|
import javax.servlet.http.HttpServletResponse;
|
||||||
|
import java.io.IOException;
|
||||||
|
import java.util.*;
|
||||||
|
import java.util.Map.Entry;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Http与Servlet工具类.
|
* Http与Servlet工具类.
|
||||||
@@ -387,6 +381,18 @@ public class ServletUtils {
|
|||||||
return null;
|
return null;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* 获取请求的域名(含端口)
|
||||||
|
*/
|
||||||
|
public static String getRequestDomain(String url) {
|
||||||
|
String scheme = StringUtils.substringBefore(url, "://");
|
||||||
|
String domain = StringUtils.substringAfter(url, "://");
|
||||||
|
if (StringUtils.contains(domain, "/")) {
|
||||||
|
domain = StringUtils.substringBefore(domain, "/");
|
||||||
|
}
|
||||||
|
return scheme + "://" + domain;
|
||||||
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* 获得请求参数值
|
* 获得请求参数值
|
||||||
*/
|
*/
|
||||||
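Review bot: The added `getRequestDomain` (hunk at -387/+381) treats only the first `/` as the end of the authority, so a query, fragment or userinfo part that follows the host without a slash is returned as part of the "domain", and an input without `://` yields a malformed string instead of being rejected. LoginController in this same commit uses the length of the returned value to cut the prefix off a redirect target, so a wrong boundary here carries straight into the redirect check. Parsing with `java.net.URI` and building the result from its scheme, host and port, returning null when the URL is not absolute or fails to parse, would be more reliable than splitting strings. The Javadoc should state the contract, for example `@param url absolute URL containing "://"` and `@return scheme://host[:port], or null if url is not absolute`.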
|
|||||||
@@ -217,6 +217,13 @@ public class LoginController extends BaseController{
|
|||||||
if (StringUtils.isBlank(successUrl)){
|
if (StringUtils.isBlank(successUrl)){
|
||||||
successUrl = (String)request.getAttribute("__url");
|
successUrl = (String)request.getAttribute("__url");
|
||||||
}
|
}
|
||||||
|
if (StringUtils.contains(successUrl, "://")){
|
||||||
|
String domain = ServletUtils.getRequestDomain(successUrl);
|
||||||
|
successUrl = StringUtils.substring(successUrl, domain.length());
|
||||||
|
if (StringUtils.startsWith(successUrl, request.getContextPath())) {
|
||||||
|
successUrl = StringUtils.substringAfter(successUrl, request.getContextPath());
|
||||||
|
}
|
||||||
|
}
|
||||||
if (StringUtils.isBlank(successUrl)){
|
if (StringUtils.isBlank(successUrl)){
|
||||||
successUrl = Global.getProperty("shiro.successUrl");
|
successUrl = Global.getProperty("shiro.successUrl");
|
||||||
}
|
}
|
||||||
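Review bot: The added block only normalises values that contain `://`, so a scheme-relative target (leading `//`) skips it entirely, and whatever remains after stripping the domain and context path is never checked to be a local path. After the block the value should be validated and dropped when it is not a single-slash path, e.g. `if (!StringUtils.startsWith(successUrl, "/") || StringUtils.startsWith(successUrl, "//") || StringUtils.contains(successUrl, "\\")) { successUrl = null; }`, which lets the existing `isBlank` fallback to `shiro.successUrl` take over. Discarding an external URL outright, rather than redirecting to its path on this host, may also be the safer behaviour; that depends on how callers set `__url`, which is not visible here. The enclosing method starts and ends outside the hunk.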
|
|||||||