diff --git a/support/jakarta-ee/src/main/java/org/apache/shiro/ee/filters/FormAuthenticationFilter.java b/support/jakarta-ee/src/main/java/org/apache/shiro/ee/filters/FormAuthenticationFilter.java
index b11b41ecd6..1c2b6b7b44 100644
--- a/support/jakarta-ee/src/main/java/org/apache/shiro/ee/filters/FormAuthenticationFilter.java
+++ b/support/jakarta-ee/src/main/java/org/apache/shiro/ee/filters/FormAuthenticationFilter.java
@@ -81,7 +81,7 @@ protected boolean onLoginSuccess(AuthenticationToken token, Subject subject, Ser
 ServletResponse response) throws Exception {
 if (request instanceof HttpServletRequest) {
 FallbackPredicate loginFallbackType = (FallbackPredicate) request.getAttribute(LOGIN_PREDICATE_ATTR_NAME);
- redirectToSaved(WebUtils.toHttp(request), WebUtils.toHttp(response), loginFallbackType, "");
+ redirectToSaved(WebUtils.toHttp(request), WebUtils.toHttp(response), loginFallbackType, "/");
 }
 return false;
 }
diff --git a/support/jakarta-ee/src/main/java/org/apache/shiro/ee/filters/Forms.java b/support/jakarta-ee/src/main/java/org/apache/shiro/ee/filters/Forms.java
index e081a8fdf5..42ba0a85a5 100644
--- a/support/jakarta-ee/src/main/java/org/apache/shiro/ee/filters/Forms.java
+++ b/support/jakarta-ee/src/main/java/org/apache/shiro/ee/filters/Forms.java
@@ -93,7 +93,7 @@ public boolean isLoggedIn() {
 }
 public boolean redirectIfLoggedIn() {
- return redirectIfLoggedIn("");
+ return redirectIfLoggedIn("/");
 }
 public boolean redirectIfLoggedIn(String view) {
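Review bot: Replacing the `""` fallback with `"/"` on the redirectToSaved call (and likewise in the two Forms hunks, `redirectIfLoggedIn()` here and `login(...)` in the next hunk) turns the fallback into a server-root path, which sends users of an application deployed under a non-empty context path outside the application unless redirectToSaved prepends the context path, and that is not visible in this diff. If the value ends up in OmniFaces `Faces.redirect`, which as far as I recall prepends the context path only to URLs that start with neither `/` nor a scheme, the old `""` resolved to the context root while `"/"` does not, so this looks like a regression for non-root deployments. Where the request is at hand the fallback can be made explicit, e.g. `WebUtils.toHttp(request).getContextPath() + "/"`, and the Forms callers could derive the same value from `Faces.getRequestContextPath()`. The onLoginSuccess signature starts outside the hunk.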
@@ -155,7 +155,7 @@ public static void redirectToView(FallbackPredicate useFallbackPath, String fall
 public static void login(String username, String password, boolean rememberMe) {
 try {
 SecurityUtils.getSubject().login(new UsernamePasswordToken(username, password, rememberMe));
- redirectToSaved(Faces.getRequestAttribute(LOGIN_PREDICATE_ATTR_NAME), "");
+ redirectToSaved(Faces.getRequestAttribute(LOGIN_PREDICATE_ATTR_NAME), "/");
 } catch (AuthenticationException e) {
 Faces.setFlashAttribute(DEFAULT_ERROR_KEY_ATTRIBUTE_NAME, e);
 int loginFailedWaitTime = Faces.getRequestAttribute(LOGIN_WAITTIME_ATTR_NAME);
diff --git a/support/jakarta-ee/src/main/java/org/apache/shiro/ee/filters/ShiroFilter.java b/support/jakarta-ee/src/main/java/org/apache/shiro/ee/filters/ShiroFilter.java
index c1e989eee4..81989517b3 100644
--- a/support/jakarta-ee/src/main/java/org/apache/shiro/ee/filters/ShiroFilter.java
+++ b/support/jakarta-ee/src/main/java/org/apache/shiro/ee/filters/ShiroFilter.java
@@ -58,6 +58,7 @@
 import org.apache.shiro.web.subject.WebSubjectContext;
 import org.apache.shiro.web.util.WebUtils;
 import org.omnifaces.util.Servlets;
+import org.omnifaces.util.Utils;
 /**
 * Stops JEE server from interpreting Shiro principal as direct EJB principal,
@@ -83,7 +84,7 @@ private static class WrappedRequest extends ShiroHttpServletRequest {
 @Getter(value = AccessLevel.PRIVATE, lazy = true)
 private final boolean httpsNeeded = createHttpButNeedHttps();
 @Getter(value = AccessLevel.PRIVATE, lazy = true)
- private final StringBuffer secureRequestURL = rewriteHttpToHttps();
+ private final StringBuffer secureRequestURL = httpsRequestURL();
 WrappedRequest(HttpServletRequest wrapped, ServletContext servletContext, boolean httpSessions) {
 super(wrapped, servletContext, httpSessions);
@@ -127,7 +128,7 @@ private boolean createHttpButNeedHttps() {
 .getHeader(X_FORWARDED_PROTO));
 }
- private StringBuffer rewriteHttpToHttps() {
+ private StringBuffer httpsRequestURL() {
 return new StringBuffer(HTTP_TO_HTTPS.matcher(super.getRequestURL())
 .replaceFirst(HTTPS_SCHEME + "$1"));
 }
@@ -147,6 +148,14 @@ public void addCookie(Cookie cookie) {
 super.addCookie(cookie);
 }
 }
+
+ @Override
+ public void sendRedirect(String location) throws IOException {
+ if (!Utils.startsWithOneOf(location, new String[]{"http://", "https://"})) {
+ location = Servlets.getRequestDomainURL(WebUtils.toHttp(request)) + location;
+ }
+ super.sendRedirect(location);
+ }
 }
 @RequiredArgsConstructor
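Review bot: The new sendRedirect override concatenates the domain URL onto every location that does not start with `http://` or `https://`, so a page-relative location without a leading slash (which the Servlet API allows and resolves against the current request URI) becomes `https://host` + `page.xhtml` with no separator, since Servlets.getRequestDomainURL carries no trailing slash as far as I recall. Rewriting only root-relative locations keeps the rest of the Servlet contract intact, `if (location.startsWith("/")) {` in place of the `Utils.startsWithOneOf` check, and resolving with `URI.create(WebUtils.toHttp(request).getRequestURL().toString()).resolve(location)` would cover both forms; the scheme check is also case-sensitive, so `HTTP://...` is treated as relative. Separately, if `request` here is the raw container request rather than the WrappedRequest that rewrites the scheme from X_FORWARDED_PROTO, the absolute URL built here can turn an https redirect into an http one behind a TLS-terminating proxy, so it is worth confirming which request this field holds. The enclosing class starts outside the hunk.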