Anchors/fragments are lost across redirects, as the server-side handler of the form post ignores the client-side anchor, unless appended to the form POST url. See https://jira.springsource.org/browse/SEC-1067 for more details. This feature is needed if you want a CAS-authenticated application to be able to use anchors/fragments when bookmarking. If the user has a bookmark with an anchor/fragment in it and is redirected to the login page when attempting to navigate to the link with the anchor, the anchor will be lost upon redirect without this patch.
Let's assume you go to www.example.com/index#someAnchor, but you have not been authenticated. The container will automatically redirect you to your login page, but the browser will maintain the anchor/fragment from the original link: www.example.com/login#someAnchor. With the change demonstrated below, it is ensured that the anchor is not lost upon the form post so that it can be re-applied by the browser to the redirect URL issued by the server upon successful login. Because anchors/fragments are client-side pieces maintained by the browser and NEVER transmitted as part of the HTTP POST to the server, this is the only way to maintain the anchor/fragment (without putting it in the POST data and modifying the server to restore it).
Changes to cas.js:
Changes to casLoginView.jsp: