org.springframework.security.web.util
Class UrlUtils

java.lang.Object
  extended by org.springframework.security.web.util.UrlUtils

public final class UrlUtils
extends Object

Provides static methods for composing URLs.

Placed into a separate class for visibility, so that changes to URL formatting conventions will affect all users.


Constructor Summary
UrlUtils()
           
 
Method Summary
static String buildFullRequestUrl(javax.servlet.http.HttpServletRequest r)
           
static String buildFullRequestUrl(String scheme, String serverName, int serverPort, String requestURI, String queryString)
          Obtains the full URL the client used to make the request.
static String buildRequestUrl(javax.servlet.http.HttpServletRequest r)
          Obtains the web application-specific fragment of the request URL.
static boolean isAbsoluteUrl(String url)
          Decides if a URL is absolute based on whether it contains a valid scheme name, as defined in RFC 1738.
static boolean isValidRedirectUrl(String url)
          Returns true if the supplied URL starts with a "/" or is absolute.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

UrlUtils

public UrlUtils()
Method Detail

buildFullRequestUrl

public static String buildFullRequestUrl(javax.servlet.http.HttpServletRequest r)

buildFullRequestUrl

public static String buildFullRequestUrl(String scheme,
                                         String serverName,
                                         int serverPort,
                                         String requestURI,
                                         String queryString)
Obtains the full URL the client used to make the request.

Note that the server port will not be shown if it is the default server port for HTTP or HTTPS (80 and 443 respectively).

Returns:
the full URL, suitable for redirects (not decoded).

buildRequestUrl

public static String buildRequestUrl(javax.servlet.http.HttpServletRequest r)
Obtains the web application-specific fragment of the request URL.

Under normal spec conditions,

 requestURI = contextPath + servletPath + pathInfo
 
But the requestURI is not decoded, whereas the servletPath and pathInfo are (SEC-1255). This method is typically used to return a URL for matching against secured paths, hence the decoded form is used in preference to the requestURI for building the returned value. But this method may also be called using dummy request objects which just have the requestURI and contextPatth set, for example, so it will fall back to using those.

Returns:
the decoded URL, excluding any server name, context path or servlet path

isValidRedirectUrl

public static boolean isValidRedirectUrl(String url)
Returns true if the supplied URL starts with a "/" or is absolute.


isAbsoluteUrl

public static boolean isAbsoluteUrl(String url)
Decides if a URL is absolute based on whether it contains a valid scheme name, as defined in RFC 1738.