Package org.springframework.security.web.util

Class UrlUtils

java.lang.Object
org.springframework.security.web.util.UrlUtils
public final class UrlUtils extends Object
Provides static methods for composing URLs.

Placed into a separate class for visibility, so that changes to URL formatting conventions will affect all users.

  • Method Details

    • buildFullRequestUrl

      public static String buildFullRequestUrl(jakarta.servlet.http.HttpServletRequest r)

    • buildFullRequestUrl

      public static String buildFullRequestUrl(String scheme, String serverName, int serverPort, String requestURI, String queryString)
      Obtains the full URL the client used to make the request.

      Note that the server port will not be shown if it is the default server port for HTTP or HTTPS (80 and 443 respectively).

      Returns:
      the full URL, suitable for redirects (not decoded).

    • buildRequestUrl

      public static String buildRequestUrl(jakarta.servlet.http.HttpServletRequest r)
      Obtains the web application-specific fragment of the request URL.

      Under normal spec conditions, 

       requestURI = contextPath + servletPath + pathInfo
      But the requestURI is not decoded, whereas the servletPath and pathInfo are (SEC-1255). This method is typically used to return a URL for matching against secured paths, hence the decoded form is used in preference to the requestURI for building the returned value. But this method may also be called using dummy request objects which just have the requestURI and contextPatth set, for example, so it will fall back to using those.
      Returns:
      the decoded URL, excluding any server name, context path or servlet path

    • isValidRedirectUrl

      public static boolean isValidRedirectUrl(String url)
      Returns true if the supplied URL starts with a "/" or is absolute.

    • isAbsoluteUrl

      public static boolean isAbsoluteUrl(String url)
      Decides if a URL is absolute based on whether it contains a valid scheme name, as defined in RFC 1738.