|
|||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | ||||||||
SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |
java.lang.Object org.springframework.security.web.authentication.AbstractAuthenticationTargetUrlRequestHandler
public abstract class AbstractAuthenticationTargetUrlRequestHandler
Base class containing the logic used by strategies which handle redirection to a URL and
are passed an Authentication
object as part of the contract.
See AuthenticationSuccessHandler
and
LogoutSuccessHandler
, for example.
Uses the following logic sequence to determine how it should handle the forward/redirect
alwaysUseDefaultTargetUrl
property is set to true, the defaultTargetUrl
property
will be used for the destination.
targetUrlParameter
has been set on the request, the value will be used
as the destination. If you are enabling this functionality, then you should ensure that the parameter
cannot be used by an attacker to redirect the user to a malicious site (by clicking on a URL with the parameter
included, for example). Typically it would be used when the parameter is included in the login form and submitted with
the username and password.
useReferer
property is set, the "Referer" HTTP header value will be used, if present.
defaultTargetUrl
value will be used.
Field Summary | |
---|---|
protected org.apache.commons.logging.Log |
logger
|
Constructor Summary | |
---|---|
protected |
AbstractAuthenticationTargetUrlRequestHandler()
|
Method Summary | |
---|---|
protected String |
determineTargetUrl(javax.servlet.http.HttpServletRequest request,
javax.servlet.http.HttpServletResponse response)
Builds the target URL according to the logic defined in the main class Javadoc. |
protected String |
getDefaultTargetUrl()
Supplies the default target Url that will be used if no saved request is found or the alwaysUseDefaultTargetUrl property is set to true. |
protected RedirectStrategy |
getRedirectStrategy()
|
protected String |
getTargetUrlParameter()
|
protected void |
handle(javax.servlet.http.HttpServletRequest request,
javax.servlet.http.HttpServletResponse response,
Authentication authentication)
Invokes the configured RedirectStrategy with the URL returned by the determineTargetUrl method. |
protected boolean |
isAlwaysUseDefaultTargetUrl()
|
void |
setAlwaysUseDefaultTargetUrl(boolean alwaysUseDefaultTargetUrl)
If true , will always redirect to the value of defaultTargetUrl
(defaults to false ). |
void |
setDefaultTargetUrl(String defaultTargetUrl)
Supplies the default target Url that will be used if no saved request is found in the session, or the alwaysUseDefaultTargetUrl property is set to true. |
void |
setRedirectStrategy(RedirectStrategy redirectStrategy)
Allows overriding of the behaviour when redirecting to a target URL. |
void |
setTargetUrlParameter(String targetUrlParameter)
If this property is set, the current request will be checked for this a parameter with this name and the value used as the target URL if present. |
void |
setUseReferer(boolean useReferer)
If set to true the Referer header will be used (if available). |
Methods inherited from class java.lang.Object |
---|
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
Field Detail |
---|
protected final org.apache.commons.logging.Log logger
Constructor Detail |
---|
protected AbstractAuthenticationTargetUrlRequestHandler()
Method Detail |
---|
protected void handle(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, Authentication authentication) throws IOException, javax.servlet.ServletException
RedirectStrategy
with the URL returned by the determineTargetUrl
method.
The redirect will not be performed if the response has already been committed.
IOException
javax.servlet.ServletException
protected String determineTargetUrl(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response)
protected final String getDefaultTargetUrl()
alwaysUseDefaultTargetUrl
property is set to true. If not set, defaults to /
.
public void setDefaultTargetUrl(String defaultTargetUrl)
alwaysUseDefaultTargetUrl
property is set to true. If not set, defaults to /
. It
will be treated as relative to the web-app's context path, and should include the leading /
.
Alternatively, inclusion of a scheme name (such as "http://" or "https://") as the prefix will denote a
fully-qualified URL and this is also supported.
defaultTargetUrl
- public void setAlwaysUseDefaultTargetUrl(boolean alwaysUseDefaultTargetUrl)
true
, will always redirect to the value of defaultTargetUrl
(defaults to false
).
protected boolean isAlwaysUseDefaultTargetUrl()
public void setTargetUrlParameter(String targetUrlParameter)
targetUrlParameter
- the name of the parameter containing the encoded target URL. Defaults
to null.protected String getTargetUrlParameter()
public void setRedirectStrategy(RedirectStrategy redirectStrategy)
protected RedirectStrategy getRedirectStrategy()
public void setUseReferer(boolean useReferer)
true
the Referer
header will be used (if available). Defaults to false
.
|
|||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | ||||||||
SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |