登录后重定向地址验证，如果是非法地址，则指定默认的登录成功地址

2024-11-07 17:53:12 +08:00
parent 7826863bb5
commit ac314d9070
2 changed files with 37 additions and 11 deletions
--- a/modules/core/src/main/java/com/jeesite/modules/sys/web/LoginController.java
+++ b/modules/core/src/main/java/com/jeesite/modules/sys/web/LoginController.java
@@ -238,15 +238,8 @@ public class LoginController extends BaseController{
 		if (StringUtils.isBlank(successUrl)){
 			successUrl = (String)request.getAttribute("__url");
 		}
-		if (StringUtils.contains(successUrl, "://")){
-			String ctxPath = Global.getCtxPath();
-			String domain = ServletUtils.getRequestDomain(successUrl);
-			successUrl = StringUtils.substring(successUrl, domain.length());
-			if (StringUtils.startsWith(successUrl, ctxPath)) {
-				successUrl = StringUtils.substringAfter(successUrl, ctxPath);
-			}
-		}
-		if (StringUtils.isBlank(successUrl)){
+		// 登录后重定向地址验证，如果是非法地址，则指定默认的登录成功地址
+		if (!ServletUtils.isAllowRedirects(request, successUrl) || StringUtils.isBlank(successUrl)){
 			successUrl = Global.getProperty("shiro.successUrl");
 		}