private static String getValidatedRedirectTarget()

in src/main/java/org/apache/sling/auth/core/spi/DefaultJakartaAuthenticationFeedbackHandler.java [100:134]


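    /**
     * Computes the post-authentication redirect target from the
     * {@link AuthenticationSupport#REDIRECT_PARAMETER} request parameter.
     * <p>
     * The parameter is caller-controlled, so every value other than the
     * "same path" shortcut is passed through
     * {@code AuthUtil.isRedirectValid} before it is returned. A value that
     * fails validation, or that cannot be normalized, is replaced by
     * {@code "/"}.
     *
     * @param request the current request; supplies the parameter, the request
     *            URI and the context path
     * @return {@code null} if the parameter is absent; the request URI if the
     *         parameter is empty or {@code "true"} (case-insensitive);
     *         otherwise the validated target, or {@code "/"} if the requested
     *         target was rejected
     */
    private static String getValidatedRedirectTarget(final HttpServletRequest request) {
        String redirect = request.getParameter(AuthenticationSupport.REDIRECT_PARAMETER);
        if (redirect == null) {
            return null;
        }

        // redirect to the same path; the request URI is returned as-is and
        // does not go through AuthUtil.isRedirectValid
        if ("true".equalsIgnoreCase(redirect) || redirect.isEmpty()) {
            return request.getRequestURI();
        }

        // redirect relative to the current request (make absolute)
        if (!redirect.startsWith("/") && !redirect.contains("://")) {
            String path = request.getRequestURI();
            path = path.substring(request.getContextPath().length());
            int lastSlash = path.lastIndexOf('/');
            path = (lastSlash > 0) ? path.substring(0, lastSlash + 1) : path;

            // ResourceUtil.normalize returns null when the path cannot be
            // normalized (for example ".." segments climbing above the root).
            // The parameter is request-supplied, so treat that case as an
            // invalid target instead of dereferencing null below.
            final String normalized = ResourceUtil.normalize(path.concat(redirect));
            if (normalized == null) {
                LoggerFactory.getLogger(DefaultJakartaAuthenticationFeedbackHandler.class)
                        .error("handleRedirect: Redirect target '{}' is invalid, redirecting to '/'", redirect);
                return "/";
            }
            redirect = normalized;
        }

        // prepend context path if necessary
        // NOTE(review): this is a plain string-prefix test, so a target that
        // merely begins with the same characters as the context path is treated
        // as already prefixed - confirm AuthUtil.isRedirectValid covers that.
        if (redirect.startsWith("/") && !redirect.startsWith(request.getContextPath())) {
            redirect = request.getContextPath().concat(redirect);
        }

        // absolute target (in the servlet context); targets containing "://"
        // reach this check unchanged, so it is the only gate against an
        // off-site redirect
        if (!AuthUtil.isRedirectValid(request, redirect)) {
            // NOTE(review): the logged value is request-controlled; confirm the
            // logging layout neutralizes line breaks in parameters.
            LoggerFactory.getLogger(DefaultJakartaAuthenticationFeedbackHandler.class)
                    .error("handleRedirect: Redirect target '{}' is invalid, redirecting to '/'", redirect);
            redirect = "/";
        }

        return redirect;
    }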