From aa2743a38c8105ef98d6b44417129b2790f9ed98 Mon Sep 17 00:00:00 2001
From: Pierre Lupien <pierre.lupien@hrsdc-rhdcc.gc.ca>
Date: Tue, 7 Nov 2023 17:19:55 -0500
Subject: [PATCH 1/3] Working to remove 'leaving secure site' redirect page
 from Spring Boot project

---
 .../goc/webtemplate/component/BaseUtil.java   |  6 +++-
 .../component/jsonentities/SetupBase.java     |  3 +-
 .../component/spring/BaseCoreBean.java        |  2 +-
 .../spring/controller/CoreController.java     |  7 ----
 .../LeavingSecureSiteSampleBean.java          |  1 -
 .../samples/LeavingSecureSiteSample.html      | 35 ++++---------------
 6 files changed, 14 insertions(+), 40 deletions(-)

diff --git a/gocwebtemplate-core/gocwebtemplate-core-base/src/main/java/goc/webtemplate/component/BaseUtil.java b/gocwebtemplate-core/gocwebtemplate-core-base/src/main/java/goc/webtemplate/component/BaseUtil.java
index e68e8da4..1aead7ea 100644
--- a/gocwebtemplate-core/gocwebtemplate-core-base/src/main/java/goc/webtemplate/component/BaseUtil.java
+++ b/gocwebtemplate-core/gocwebtemplate-core-base/src/main/java/goc/webtemplate/component/BaseUtil.java
@@ -8,7 +8,7 @@
 import goc.webtemplate.Constants;
 
 public final class BaseUtil {
-	public static void doLeaveSecureSite(HttpServletRequest req, HttpServletResponse res) throws Exception {
+	public static void doLeaveSecureSite(HttpServletRequest req, HttpServletResponse res) throws Exception { //TODO: Remove this once no longer referenced
 		String redirectUrl = URLDecoder.decode(req.getParameter("targetUrl"), "UTF-8");
 		res.sendRedirect(redirectUrl);
 	}
@@ -24,6 +24,10 @@ public static void doLocaleSwitch(HttpServletRequest req, HttpServletResponse re
 		}
 		
 		String prevUrl = URLDecoder.decode(req.getParameter(Constants.QUERYSTRING_KEY), "UTF-8");
+
+		// Validate that the redirect link is relative to the host and NOT absolute or relative to scheme
+		if ((!prevUrl.startsWith("/")) || prevUrl.startsWith("//")) throw new Exception("Unauthorized return URL specified for language switching.");
+
 		res.sendRedirect(prevUrl);
 	}
 	
diff --git a/gocwebtemplate-core/gocwebtemplate-core-base/src/main/java/goc/webtemplate/component/jsonentities/SetupBase.java b/gocwebtemplate-core/gocwebtemplate-core-base/src/main/java/goc/webtemplate/component/jsonentities/SetupBase.java
index 35e83559..d5e28c9c 100644
--- a/gocwebtemplate-core/gocwebtemplate-core-base/src/main/java/goc/webtemplate/component/jsonentities/SetupBase.java
+++ b/gocwebtemplate-core/gocwebtemplate-core-base/src/main/java/goc/webtemplate/component/jsonentities/SetupBase.java
@@ -5,7 +5,6 @@
 import java.util.List;
 
 import goc.webtemplate.LeavingSecureSiteWarning;
-import goc.webtemplate.Utility;
 import goc.webtemplate.WebAnalyticsInfo;
 
 /**
@@ -39,7 +38,7 @@ public SetupBase(String subTheme, String jqueryEnv, LeavingSecureSiteWarning lss
         this.subTheme = subTheme;
         this.jqueryEnv = jqueryEnv;
         this.exitSecureSite = null;
-        if ((lssw != null) && lssw.isEnabled() && !Utility.isNullOrEmpty(lssw.getRedirectUrl())) {
+        if ((lssw != null) && lssw.isEnabled()) {
             this.exitSecureSite = new ExitSecureSite(lssw);
         }
         this.webAnalytics = webAnalytics;
diff --git a/gocwebtemplate-core/gocwebtemplate-core-spring/src/main/java/goc/webtemplate/component/spring/BaseCoreBean.java b/gocwebtemplate-core/gocwebtemplate-core-spring/src/main/java/goc/webtemplate/component/spring/BaseCoreBean.java
index 6d7ce548..24afb1a0 100644
--- a/gocwebtemplate-core/gocwebtemplate-core-spring/src/main/java/goc/webtemplate/component/spring/BaseCoreBean.java
+++ b/gocwebtemplate-core/gocwebtemplate-core-spring/src/main/java/goc/webtemplate/component/spring/BaseCoreBean.java
@@ -35,7 +35,7 @@ protected String getDefaultLanguageLinkUrl() {
     
     @Override
     protected String getDefaultLeaveSecureSiteRedirectUrl() {
-        return "gocwebtemplate_leavesecuresiteredirect";
+        return null;
     }
     
     @Override
diff --git a/gocwebtemplate-core/gocwebtemplate-core-spring/src/main/java/goc/webtemplate/component/spring/controller/CoreController.java b/gocwebtemplate-core/gocwebtemplate-core-spring/src/main/java/goc/webtemplate/component/spring/controller/CoreController.java
index d341fec2..b0739652 100644
--- a/gocwebtemplate-core/gocwebtemplate-core-spring/src/main/java/goc/webtemplate/component/spring/controller/CoreController.java
+++ b/gocwebtemplate-core/gocwebtemplate-core-spring/src/main/java/goc/webtemplate/component/spring/controller/CoreController.java
@@ -10,15 +10,8 @@
 
 @Controller
 public class CoreController {
-	
 	@GetMapping("/gocwebtemplate_switchlocale")
 	public void SwitchLocale(HttpServletRequest request, HttpServletResponse response) throws Exception {
 		BaseUtil.doLocaleSwitch(request, response);
 	}	
-	
-	@GetMapping("/gocwebtemplate_leavesecuresiteredirect")
-	public void LeaveSecureSiteRedirect(HttpServletRequest request, HttpServletResponse response) throws Exception {
-		//Custom processing would go here
-		BaseUtil.doLeaveSecureSite(request, response);
-	}
 }
diff --git a/gocwebtemplate-sample-spring/src/main/java/goc/webtemplate/spring/samplebeans/LeavingSecureSiteSampleBean.java b/gocwebtemplate-sample-spring/src/main/java/goc/webtemplate/spring/samplebeans/LeavingSecureSiteSampleBean.java
index c45f95bd..f45dd9aa 100644
--- a/gocwebtemplate-sample-spring/src/main/java/goc/webtemplate/spring/samplebeans/LeavingSecureSiteSampleBean.java
+++ b/gocwebtemplate-sample-spring/src/main/java/goc/webtemplate/spring/samplebeans/LeavingSecureSiteSampleBean.java
@@ -14,7 +14,6 @@ public void onWebTemplateInitialize() {
 
         lssw.setEnabled(true);
         lssw.setMessage("You are about to leave a secure site, do you wish to continue?");
-        lssw.setRedirectUrl("gocwebtemplate_leavesecuresiteredirect");
         lssw.setExcludedDomains("www.esdc.gc.ca,www.jobbank.gc.ca,www.readseal.ca");
         lssw.setCancelMessage("Don't leave");
         lssw.setYesMessage("Yes, leave this site");
diff --git a/gocwebtemplate-sample-spring/src/main/resources/samples/LeavingSecureSiteSample.html b/gocwebtemplate-sample-spring/src/main/resources/samples/LeavingSecureSiteSample.html
index ad541b66..2d731080 100644
--- a/gocwebtemplate-sample-spring/src/main/resources/samples/LeavingSecureSiteSample.html
+++ b/gocwebtemplate-sample-spring/src/main/resources/samples/LeavingSecureSiteSample.html
@@ -20,8 +20,8 @@ <h2>Leaving Secure Site Warning</h2>
 	    <ul>
 	        <li>display the message to the user in the form of a modal window</li>
 	        <li>display the message your application provides</li>
-	        <li>allow your application to execute any clean up code (ex: close session, gracefully logout user etc...)</li>
-	        <li>allow your application to exlude any domains from raising the warning</li>
+            <li>allow your application to exlude any domains from raising the warning</li>
+	        <li>optionally, allow your application to execute any clean up code (ex: close session, gracefully logout user etc...)</li>
 	    </ul>
 	    <h2>How it works</h2>
 	    <ul>
@@ -32,16 +32,11 @@ <h2>How it works</h2>
 	                <li>A "Yes" button appears on the window to allow the user to continue with the redirection to the selected link.</li>
 	            </ul>
         	</li>
-        	<li>if the "Yes" button is clicked:
-	            <ul>
-	                <li>the user will first be redirect to the url set in <code class="wb-prettify">"leavingSecureSiteRedirectUrl"</code> via either the cdn.properties file or programmatically</li>
-	                <li>the info of the linked that was clicked is part of the querystring to that url</li>
-	                <li>in the redirect url provided earlier, attach the preRenderView event to the page and execute a custom bean method to perform the redirect</li>
-	                <li>execute any clean up code your application requires</li>
-	                <li>once executed the custom method will redirect the user to the url of the clicked link</li>
-	                <li>the leave secure site feature is already provided by default as part of the GoC Web Template package</li>
-	                <li>by default the leave secure site redirect url will invoke the <code class="wb-prettify">LeaveSecureSiteRedirect</code> method found in the controller.</li>
-	            </ul>
+        	<li>if the "Yes" button is clicked, the browser will be directed to the external link</li>
+        	<li>optionally, a redirect url can be set in <code class="wb-prettify">"leavingSecureSiteRedirectUrl"</code> via either the cdn.properties file or programmatically.
+        	    If this is used, the browser will be directed to this page before leaving, where the application can terminate the user's session and let them proceed to the external link.
+        	    The external link will be presented to the user by placing an element <code class="wb-prettify">&lt;span class="wb-exitscript wb-exitscript-exiturlparam"&gt;&lt;/span&gt;</code> on the page.
+        	    An example of "middle page" is available in the <a href="https://wet-boew.github.io/wet-boew/docs/ref/exitscript/exiturl-en.html?exturl=http%3A%2F%2Fcsszengarden.com%2F219">WET Documentation</a>.
 	        </li>
 	    </ul>
 	    <p>Here is a local link that will not display the warning: <a href="BaseSettingsSample">Link to Local Page</a></p>
@@ -51,7 +46,6 @@ <h3>Enable the leaving secure site feature</h3>
 	    <ul>
 	        <li>Set, via the cdn.properties file or programmatically in your custom bean class, <code class="wb-prettify">"Enabled"</code> to <strong>"true"</strong></li>
 	        <li>Provide the message to be displayed by setting the <code class="wb-prettify">"Message"</code> programmatically via the <code class="wb-prettify">setLeavingSecureSiteWarning</code> method in your custom bean class.</li>
-	        <li>Set, via the cdn.properties file or programmatically in your custom bean class, <code class="wb-prettify">"RedirectUrl"</code> to your page which will execute your clean up code and then redirect to the selected url.</li>
 	        <li>Set, via the cdn.properties or programmatically in your custom bean class, <code class="wb-prettify">"ExcludedDomain"</code> the list of domains you do not want to raise the warning</li>
 	    </ul>
 	    <div class="wb-prettify all-pre lang-vb linenums">
@@ -63,7 +57,6 @@ <h3>Enable the leaving secure site feature</h3>
 
     lssw.setEnabled(true);
     lssw.setMessage("You are about to leave a secure site, do you wish to continue?");
-    lssw.setRedirectUrl("gocwebtemplate_leavesecuresiteredirect");
     lssw.setExcludedDomains("www.esdc.gc.ca,www.jobbank.gc.ca,www.readseal.ca");
     lssw.setCancelMessage("Don't leave");
     lssw.setYesMessage("Yes, leave this site");
@@ -74,20 +67,6 @@ <h3>Enable the leaving secure site feature</h3>
 }
         </pre>
     	</div>
-	    <h3>Map your "redirect" url in the controller</h3>
-	    <ul>
-	        <li>The relative url <code class="wb-prettify">/gocwebtemplate_leavesecuresiteredirect</code> will map to the method that can be used to perform the redirect.</li>
-	    </ul>
-	    <div class="wb-prettify all-pre lang-vb linenums">
-	        <h4>Code Sample for your Redirect Controller method</h4>
-	        <pre>
-@GetMapping("/gocwebtemplate_leavesecuresiteredirect")
-public void LeaveSecureSiteRedirect(HttpServletRequest request, HttpServletResponse response) throws Exception {
-	//Custom processing would go here
-	BaseUtil.doLeaveSecureSite(request, response);
-}
-	        </pre>
-	     </div>
 	<div th:replace="_samplelist :: samplelist"></div>
 </section> 
 </body>

From bbd4ea42c2e525598795487099bb6d6f7ee58e07 Mon Sep 17 00:00:00 2001
From: Pierre Lupien <pierre.lupien@hrsdc-rhdcc.gc.ca>
Date: Wed, 8 Nov 2023 11:23:24 -0500
Subject: [PATCH 2/3] Remove 'leaving secure site' redirect page from Struts
 project

---
 .../goc/webtemplate/component/BaseUtil.java   |  5 ---
 .../component/jsp/BaseCoreBean.java           |  2 +-
 .../component/jsp/LeaveSecureSiteAction.java  | 11 -----
 .../LeaveSecureSiteSampleBean.java            |  1 -
 .../src/main/resources/struts.xml             |  1 -
 .../src/main/webapp/ChangeLog.txt             |  2 +-
 .../leavesecuresitesamplecontent.jsp          | 45 +++----------------
 .../samples/LeavingSecureSiteSample.html      |  4 +-
 8 files changed, 11 insertions(+), 60 deletions(-)
 delete mode 100644 gocwebtemplate-core/gocwebtemplate-core-jsp/src/main/java/goc/webtemplate/component/jsp/LeaveSecureSiteAction.java

diff --git a/gocwebtemplate-core/gocwebtemplate-core-base/src/main/java/goc/webtemplate/component/BaseUtil.java b/gocwebtemplate-core/gocwebtemplate-core-base/src/main/java/goc/webtemplate/component/BaseUtil.java
index 1aead7ea..5d881732 100644
--- a/gocwebtemplate-core/gocwebtemplate-core-base/src/main/java/goc/webtemplate/component/BaseUtil.java
+++ b/gocwebtemplate-core/gocwebtemplate-core-base/src/main/java/goc/webtemplate/component/BaseUtil.java
@@ -8,11 +8,6 @@
 import goc.webtemplate.Constants;
 
 public final class BaseUtil {
-	public static void doLeaveSecureSite(HttpServletRequest req, HttpServletResponse res) throws Exception { //TODO: Remove this once no longer referenced
-		String redirectUrl = URLDecoder.decode(req.getParameter("targetUrl"), "UTF-8");
-		res.sendRedirect(redirectUrl);
-	}
-	
 	public static void doLocaleSwitch(HttpServletRequest req, HttpServletResponse res) throws Exception {
 		String currLang = req.getSession().getAttribute(Constants.CURRENT_LANG_SESSION_KEY) == null ? 
 									req.getLocale().getLanguage() : 
diff --git a/gocwebtemplate-core/gocwebtemplate-core-jsp/src/main/java/goc/webtemplate/component/jsp/BaseCoreBean.java b/gocwebtemplate-core/gocwebtemplate-core-jsp/src/main/java/goc/webtemplate/component/jsp/BaseCoreBean.java
index 10778c29..80cc20a9 100644
--- a/gocwebtemplate-core/gocwebtemplate-core-jsp/src/main/java/goc/webtemplate/component/jsp/BaseCoreBean.java
+++ b/gocwebtemplate-core/gocwebtemplate-core-jsp/src/main/java/goc/webtemplate/component/jsp/BaseCoreBean.java
@@ -35,7 +35,7 @@ protected String getDefaultLanguageLinkUrl() {
     
     @Override
     protected String getDefaultLeaveSecureSiteRedirectUrl() {
-        return "leavesecuresiteredirect.action";
+        return null;
     }
     
     @Override
diff --git a/gocwebtemplate-core/gocwebtemplate-core-jsp/src/main/java/goc/webtemplate/component/jsp/LeaveSecureSiteAction.java b/gocwebtemplate-core/gocwebtemplate-core-jsp/src/main/java/goc/webtemplate/component/jsp/LeaveSecureSiteAction.java
deleted file mode 100644
index 59c9cf4b..00000000
--- a/gocwebtemplate-core/gocwebtemplate-core-jsp/src/main/java/goc/webtemplate/component/jsp/LeaveSecureSiteAction.java
+++ /dev/null
@@ -1,11 +0,0 @@
-package goc.webtemplate.component.jsp;
-
-import org.apache.struts2.ServletActionContext;
-
-import goc.webtemplate.component.BaseUtil;
-
-public class LeaveSecureSiteAction {
-	public void execute() throws Exception {
-		BaseUtil.doLeaveSecureSite(ServletActionContext.getRequest(), ServletActionContext.getResponse());
-	}
-}
diff --git a/gocwebtemplate-sample-jsp/src/main/java/goc/webtemplate/jsp/samplebeans/LeaveSecureSiteSampleBean.java b/gocwebtemplate-sample-jsp/src/main/java/goc/webtemplate/jsp/samplebeans/LeaveSecureSiteSampleBean.java
index 6bb7f2bd..d2b78e87 100644
--- a/gocwebtemplate-sample-jsp/src/main/java/goc/webtemplate/jsp/samplebeans/LeaveSecureSiteSampleBean.java
+++ b/gocwebtemplate-sample-jsp/src/main/java/goc/webtemplate/jsp/samplebeans/LeaveSecureSiteSampleBean.java
@@ -12,7 +12,6 @@ public void onWebTemplateInitialize() {
 
         lssw.setEnabled(true);
         lssw.setMessage("You are about to leave a secure site, do you wish to continue?");
-        lssw.setRedirectUrl("leavesecuresiteredirect.action");
         lssw.setExcludedDomains("www.esdc.gc.ca,www.jobbank.gc.ca,www.readseal.ca");
         lssw.setCancelMessage("Don't leave");
         lssw.setYesMessage("Yes, leave this site");
diff --git a/gocwebtemplate-sample-jsp/src/main/resources/struts.xml b/gocwebtemplate-sample-jsp/src/main/resources/struts.xml
index f63cf725..68d40f76 100644
--- a/gocwebtemplate-sample-jsp/src/main/resources/struts.xml
+++ b/gocwebtemplate-sample-jsp/src/main/resources/struts.xml
@@ -13,7 +13,6 @@
 		<result-types>
 			<result-type name="tiles" class="org.apache.struts2.views.tiles.TilesResult" />
 		</result-types>
-		<action name="leavesecuresiteredirect" class="goc.webtemplate.component.jsp.LeaveSecureSiteAction" method="execute"></action>
 		<action name="switchlocale" class="goc.webtemplate.component.jsp.SwitchLocaleAction" method="execute"></action>
 		<!--  ==============================================================  -->
 		
diff --git a/gocwebtemplate-sample-jsp/src/main/webapp/ChangeLog.txt b/gocwebtemplate-sample-jsp/src/main/webapp/ChangeLog.txt
index 98b71d35..cc55ab10 100644
--- a/gocwebtemplate-sample-jsp/src/main/webapp/ChangeLog.txt
+++ b/gocwebtemplate-sample-jsp/src/main/webapp/ChangeLog.txt
@@ -1,3 +1,3 @@
 For the up to date release/change log, please refer to:
 
-  https://gccode.ssc-spc.gc.ca/iitb-dgiit/sds/GOCWebTemplates/JavaTemplates/releases
+  https://github.com/wet-boew/cdts-JavaTemplates/releases
diff --git a/gocwebtemplate-sample-jsp/src/main/webapp/samplecontents/leavesecuresitesamplecontent.jsp b/gocwebtemplate-sample-jsp/src/main/webapp/samplecontents/leavesecuresitesamplecontent.jsp
index e58a939a..b1d29e45 100644
--- a/gocwebtemplate-sample-jsp/src/main/webapp/samplecontents/leavesecuresitesamplecontent.jsp
+++ b/gocwebtemplate-sample-jsp/src/main/webapp/samplecontents/leavesecuresitesamplecontent.jsp
@@ -17,8 +17,8 @@
 <ul>
     <li>display the message to the user in the form of a modal window</li>
     <li>display the message your application provides</li>
-    <li>allow your application to execute any clean up code (ex: close session, gracefully logout user etc...)</li>
     <li>allow your application to exlude any domains from raising the warning</li>
+    <li>optionally, allow your application to execute any clean up code (ex: close session, gracefully logout user etc...)</li>
 </ul>
 <h2>How it works</h2>
 <ul>
@@ -29,29 +29,21 @@
             <li>A "Yes" button appears on the window to allow the user to continue with the redirection to the selected link. (Text can be customized, see below.)</li>
         </ul>
    	</li>
-	<li>if the "Yes" button is clicked:
-        <ul>
-            <li>the user will first be redirect to the url set in <code class="wb-prettify">"leavingSecureSiteRedirectUrl"</code> via either the cdn.properties file or programmatically</li>
-            <li>the info of the linked that was clicked is part of the querystring to that url</li>
-            <li>in the redirect url provided earlier, attach the preRenderView event to the page and execute a custom bean method to perform the redirect</li>
-            <li>execute any clean up code your application requires</li>
-            <li>once executed the custom bean class will redirect the user to the url of the clicked link</li>
-            <li>the leave secure site feature is already provided by default as part of the GoC Web Template package, by default it will use the templates/leavesecuresiteredirect.xhtml page</li>
-            <li>by default the leave secure site redirect page will invoke the <code class="wb-prettify">leavesecuresiteredirect.action</code> Struts Action already pre-registered in struts.xml</li>
-        </ul>
+    <li>if the "Yes" button is clicked, the browser will be directed to the external link</li>
+    <li>optionally, a redirect url can be set in <code class="wb-prettify">"leavingSecureSiteRedirectUrl"</code> via either the cdn.properties file or programmatically.
+        If this is used, the browser will be directed to this page before leaving, where the application can terminate the user's session and let them proceed to the external link.
+        The external link will be presented to the user by placing an element <code class="wb-prettify">&lt;span class="wb-exitscript wb-exitscript-exiturlparam"&gt;&lt;/span&gt;</code> on the page.
+        For an example of a "middle page", refer to <a href="https://wet-boew.github.io/wet-boew/demos/exitscript/exitscript-en.html#wb-auto-3">scenario 3 link in the WET Documentation</a>.
     </li>
 </ul>
 <p>Here is a local link that will not display the warning: <a href="basesettingssample.action">Link to Local Page</a></p>
-<p>Here is an external link that will display the warning:<a href="https://gccode.ssc-spc.gc.ca/iitb-dgiit/sds/GOCWebTemplates/JavaTemplates/wikis/Redirect-Page">Link to External Page</a></p>
+<p>Here is an external link that will display the warning:<a href="https://github.com/wet-boew/cdts-JavaTemplates/wiki/Redirect-Page">Link to External Page</a></p>
 <h2>Steps to implement:</h2>
 <h3>Enable the leaving secure site feature</h3>
 <ul>
     <li>Set, via the cdn.properties file or programmatically in your custom bean class, <code class="wb-prettify">"Enabled"</code> to <strong>"true"</strong></li>
     <li>Provide the message to be displayed by setting the <code class="wb-prettify">"Message"</code> programmatically via the <code class="wb-prettify">setLeavingSecureSiteWarning</code> method in your custom bean class.</li>
-    <li>Set, via the cdn.properties file or programmatically in your custom bean class, <code class="wb-prettify">"RedirectUrl"</code> to your action class which will execute your clean up code and then redirect to the selected url.</li>
     <li>Set, via the cdn.properties or programmatically in your custom bean class, <code class="wb-prettify">"ExcludedDomain"</code> the list of domains you do not want to raise the warning</li>
-    <li>Optionally, provide a cancel message by setting the <code class="wb-prettify">"CancelMessage"</code> programmatically via the <code class="wb-prettify">setLeavingSecureSiteWarning</code> method in your custom bean class.</li>
-    <li>Optionally, provide a yes message by setting the <code class="wb-prettify">"YesMessage"</code> programmatically via the <code class="wb-prettify">setLeavingSecureSiteWarning</code> method in your custom bean class.</li>
 </ul>
 <div class="wb-prettify all-pre lang-vb linenums">
    	<pre>
@@ -62,7 +54,6 @@ public void onWebTemplateInitialize() {
 
     lssw.setEnabled(true);
     lssw.setMessage("You are about to leave a secure site, do you wish to continue?");
-    lssw.setRedirectUrl("leavesecuresiteredirect.action");
     lssw.setExcludedDomains("www.esdc.gc.ca,www.jobbank.gc.ca,www.readseal.ca");
     lssw.setCancelMessage("Don't leave");
     lssw.setYesMessage("Yes, leave this site");
@@ -73,26 +64,4 @@ public void onWebTemplateInitialize() {
 }
    	</pre>
 </div>
-<h3>Created your custom "redirect" class</h3>
-<ul>
-    <li>Create a class and a public method will be invoked by the preRenderView event of the redirect url</li>
-    <li>enter your clean up code if required</li>
-    <li>redirect to the <code class="wb-prettify">"targetURL"</code> parameter value in the querystring</li>
-</ul>
-<div class="wb-prettify all-pre lang-vb linenums">
-    <h3>Code Sample for your Redirect action class</h3>
-    <pre>
-import java.net.URLDecoder;
-import javax.servlet.http.HttpServletRequest;
-import org.apache.struts2.ServletActionContext;
-
-public class LeaveSecureSiteAction {
-	public void execute() throws Exception {
-		HttpServletRequest currentReq = ServletActionContext.getRequest();
-		String redirectUrl = URLDecoder.decode(currentReq.getParameter("targetUrl"), "UTF-8");
-		ServletActionContext.getResponse().sendRedirect(redirectUrl);
-	}
-}
-   </pre>
-</div>
 <%@ include file="_sampleslist.jsp" %>
diff --git a/gocwebtemplate-sample-spring/src/main/resources/samples/LeavingSecureSiteSample.html b/gocwebtemplate-sample-spring/src/main/resources/samples/LeavingSecureSiteSample.html
index 2d731080..c11cf268 100644
--- a/gocwebtemplate-sample-spring/src/main/resources/samples/LeavingSecureSiteSample.html
+++ b/gocwebtemplate-sample-spring/src/main/resources/samples/LeavingSecureSiteSample.html
@@ -36,11 +36,11 @@ <h2>How it works</h2>
         	<li>optionally, a redirect url can be set in <code class="wb-prettify">"leavingSecureSiteRedirectUrl"</code> via either the cdn.properties file or programmatically.
         	    If this is used, the browser will be directed to this page before leaving, where the application can terminate the user's session and let them proceed to the external link.
         	    The external link will be presented to the user by placing an element <code class="wb-prettify">&lt;span class="wb-exitscript wb-exitscript-exiturlparam"&gt;&lt;/span&gt;</code> on the page.
-        	    An example of "middle page" is available in the <a href="https://wet-boew.github.io/wet-boew/docs/ref/exitscript/exiturl-en.html?exturl=http%3A%2F%2Fcsszengarden.com%2F219">WET Documentation</a>.
+        	    For an example of a "middle page", refer to <a href="https://wet-boew.github.io/wet-boew/demos/exitscript/exitscript-en.html#wb-auto-3">scenario 3 link in the WET Documentation</a>.
 	        </li>
 	    </ul>
 	    <p>Here is a local link that will not display the warning: <a href="BaseSettingsSample">Link to Local Page</a></p>
-	    <p>Here is an external link that will display the warning: <a href="https://gccode.ssc-spc.gc.ca/iitb-dgiit/sds/GOCWebTemplates/JavaTemplates/wikis/Redirect-Page">Link to External Page</a></p>
+	    <p>Here is an external link that will display the warning: <a href="https://github.com/wet-boew/cdts-JavaTemplates/wiki/Redirect-Page">Link to External Page</a></p>
 	    <h2>Steps to implement:</h2>
 	    <h3>Enable the leaving secure site feature</h3>
 	    <ul>

From 148e3e2cc0d8d2426bdb5ff0a8aa4b4bf96ef1e7 Mon Sep 17 00:00:00 2001
From: Pierre Lupien <pierre.lupien@hrsdc-rhdcc.gc.ca>
Date: Wed, 8 Nov 2023 15:23:35 -0500
Subject: [PATCH 3/3] Updating version to 4.0.0

---
 CHANGELOG.md                                                 | 5 +++++
 builds/build.properties                                      | 2 +-
 gocwebtemplate-core/gocwebtemplate-core-base/pom.xml         | 2 +-
 .../src/main/java/goc/webtemplate/Constants.java             | 2 +-
 gocwebtemplate-core/gocwebtemplate-core-jsp/pom.xml          | 2 +-
 gocwebtemplate-core/gocwebtemplate-core-spring/pom.xml       | 2 +-
 gocwebtemplate-core/pom.xml                                  | 2 +-
 gocwebtemplate-sample-jsp/pom.xml                            | 4 ++--
 gocwebtemplate-sample-spring/pom.xml                         | 4 ++--
 pom.xml                                                      | 2 +-
 10 files changed, 16 insertions(+), 11 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 41436f6c..d490bdb8 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -2,6 +2,11 @@
 
 [Download and/or Installation instructions](https://github.com/wet-boew/cdts-JavaTemplates/wiki/Installation)
 
+## v4.0.0
+
+- **SECURITY FIX** Removal of default redirect handlers for "leaving secure site" feature. Leaving secure site feature now relies solely on WET functionality. Unless these redirect handlers were explicitely referenced by client application there should be no impact. (Spring version: removal of endpoint "/gocwebtemplate_leavesecuresiteredirect"; JSP version: removal of action "leavesecuresiteredirect.action")
+- Bug fixes
+
 ## v3.0.0
 
 - **IMPORTANT** ALL LAYOUT DEFINITIONS UPDATED - All inline scripts and occurences of `document.write` were removed. 
diff --git a/builds/build.properties b/builds/build.properties
index 5da5c518..f3134029 100644
--- a/builds/build.properties
+++ b/builds/build.properties
@@ -3,4 +3,4 @@
 #
 # DO NOT EDIT build.properties DIRECTLY!
 #
-gocwebtemplate.build.version=3.0.0-SNAPSHOT
+gocwebtemplate.build.version=4.0.0-SNAPSHOT
diff --git a/gocwebtemplate-core/gocwebtemplate-core-base/pom.xml b/gocwebtemplate-core/gocwebtemplate-core-base/pom.xml
index d93b4be2..2490ff74 100644
--- a/gocwebtemplate-core/gocwebtemplate-core-base/pom.xml
+++ b/gocwebtemplate-core/gocwebtemplate-core-base/pom.xml
@@ -10,7 +10,7 @@
   <parent>
     <groupId>ca.gc.gocwebtemplate</groupId>
     <artifactId>gocwebtemplate-core</artifactId>
-    <version>3.0.0-SNAPSHOT</version>
+    <version>4.0.0-SNAPSHOT</version>
     <relativePath>..</relativePath>
   </parent>
   
diff --git a/gocwebtemplate-core/gocwebtemplate-core-base/src/main/java/goc/webtemplate/Constants.java b/gocwebtemplate-core/gocwebtemplate-core-base/src/main/java/goc/webtemplate/Constants.java
index f07fd26b..c7e91029 100644
--- a/gocwebtemplate-core/gocwebtemplate-core-base/src/main/java/goc/webtemplate/Constants.java
+++ b/gocwebtemplate-core/gocwebtemplate-core-base/src/main/java/goc/webtemplate/Constants.java
@@ -13,7 +13,7 @@ public abstract class Constants {
     
     public static final String CACHE_KEY_STATICFILES_PREFIX = "GoC.Template.CacheKey";
     
-    public static final String WEB_TEMPLATE_DISTRIBUTION_VERSION = "3.0.0";
+    public static final String WEB_TEMPLATE_DISTRIBUTION_VERSION = "4.0.0";
 
     public static final String CDTS_DEFAULT_VERSION = "v4_1_0";
     
diff --git a/gocwebtemplate-core/gocwebtemplate-core-jsp/pom.xml b/gocwebtemplate-core/gocwebtemplate-core-jsp/pom.xml
index 72847cc7..ca23e48e 100644
--- a/gocwebtemplate-core/gocwebtemplate-core-jsp/pom.xml
+++ b/gocwebtemplate-core/gocwebtemplate-core-jsp/pom.xml
@@ -10,7 +10,7 @@
   <parent>
     <groupId>ca.gc.gocwebtemplate</groupId>
     <artifactId>gocwebtemplate-core</artifactId>
-    <version>3.0.0-SNAPSHOT</version>
+    <version>4.0.0-SNAPSHOT</version>
     <relativePath>..</relativePath>
   </parent>
   
diff --git a/gocwebtemplate-core/gocwebtemplate-core-spring/pom.xml b/gocwebtemplate-core/gocwebtemplate-core-spring/pom.xml
index 72418a42..bf5282d9 100644
--- a/gocwebtemplate-core/gocwebtemplate-core-spring/pom.xml
+++ b/gocwebtemplate-core/gocwebtemplate-core-spring/pom.xml
@@ -10,7 +10,7 @@
 	<parent>
 		<groupId>ca.gc.gocwebtemplate</groupId>
 		<artifactId>gocwebtemplate-core</artifactId>
-		<version>3.0.0-SNAPSHOT</version>
+		<version>4.0.0-SNAPSHOT</version>
 		<relativePath>..</relativePath>
 	</parent>
 	
diff --git a/gocwebtemplate-core/pom.xml b/gocwebtemplate-core/pom.xml
index 618f5d1b..caaf438c 100644
--- a/gocwebtemplate-core/pom.xml
+++ b/gocwebtemplate-core/pom.xml
@@ -2,7 +2,7 @@
   <modelVersion>4.0.0</modelVersion>
   <groupId>ca.gc.gocwebtemplate</groupId>
   <artifactId>gocwebtemplate-core</artifactId>
-  <version>3.0.0-SNAPSHOT</version>
+  <version>4.0.0-SNAPSHOT</version>
   <packaging>pom</packaging>
   
   <name>gocwebtemplate-core</name>
diff --git a/gocwebtemplate-sample-jsp/pom.xml b/gocwebtemplate-sample-jsp/pom.xml
index 1cd0e5ef..53b8724d 100644
--- a/gocwebtemplate-sample-jsp/pom.xml
+++ b/gocwebtemplate-sample-jsp/pom.xml
@@ -3,7 +3,7 @@
   
   <groupId>ca.gc.gocwebtemplate</groupId>
   <artifactId>gocwebtemplate-sample-jsp</artifactId>
-  <version>3.0.0-SNAPSHOT</version>
+  <version>4.0.0-SNAPSHOT</version>
   <packaging>war</packaging>
   
   <name>gocwebtemplate-sample-jsp</name>
@@ -14,7 +14,7 @@
     <m2eclipse.wtp.contextRoot>GoCWebTemplateSampleJSP</m2eclipse.wtp.contextRoot>    <!-- Set the context root for running locally here!  This will keep Eclipse from overriding weblogic.xml with the project's name on every Maven Update operations -->
     
     <java.version>1.8</java.version>
-    <webtemplate.version>3.0.0-SNAPSHOT</webtemplate.version>
+    <webtemplate.version>4.0.0-SNAPSHOT</webtemplate.version>
         
     <build_number>local</build_number>
     <maven.build.timestamp.format>yyyy/MM/dd HH:mm:ss</maven.build.timestamp.format>
diff --git a/gocwebtemplate-sample-spring/pom.xml b/gocwebtemplate-sample-spring/pom.xml
index 531e0638..191f1920 100644
--- a/gocwebtemplate-sample-spring/pom.xml
+++ b/gocwebtemplate-sample-spring/pom.xml
@@ -3,7 +3,7 @@
 
 	<groupId>ca.gc.gocwebtemplate</groupId>
   	<artifactId>gocwebtemplate-sample-spring</artifactId>
-  	<version>3.0.0-SNAPSHOT</version>
+  	<version>4.0.0-SNAPSHOT</version>
   	<!--Change packaging type to "war" if your application must be deployable in a web container-->
  	<packaging>jar</packaging>
  
@@ -11,7 +11,7 @@
 		<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
 		<java.version>1.8</java.version>
 		<springboot.version>2.6.6</springboot.version>
-		<webtemplate.version>3.0.0-SNAPSHOT</webtemplate.version>
+		<webtemplate.version>4.0.0-SNAPSHOT</webtemplate.version>
 		
 		<build_number>local</build_number>
 		<timestamp>${maven.build.timestamp}</timestamp>
diff --git a/pom.xml b/pom.xml
index 58cdcde6..2f2e3641 100644
--- a/pom.xml
+++ b/pom.xml
@@ -2,7 +2,7 @@
   <modelVersion>4.0.0</modelVersion>
   <groupId>ca.gc.gocwebtemplate</groupId>
   <artifactId>gocwebtemplate</artifactId>
-  <version>3.0.0-SNAPSHOT</version>
+  <version>4.0.0-SNAPSHOT</version>
   <packaging>pom</packaging>
   
   <name>gocwebtemplate</name>