org.springframework.security.web.context
Class SaveContextOnUpdateOrErrorResponseWrapper

java.lang.Object
  extended by javax.servlet.ServletResponseWrapper
      extended by javax.servlet.http.HttpServletResponseWrapper
          extended by org.springframework.security.web.context.SaveContextOnUpdateOrErrorResponseWrapper
All Implemented Interfaces:
javax.servlet.http.HttpServletResponse, javax.servlet.ServletResponse

public abstract class SaveContextOnUpdateOrErrorResponseWrapper
extends javax.servlet.http.HttpServletResponseWrapper

Base class for response wrappers which encapsulate the logic for storing a security context. The SecurityContext is stored when a sendError(), sendRedirect(), getOutputStream().close(), getOutputStream().flush(), getWriter().close(), or getWriter().flush() happens on the same thread on which this SaveContextOnUpdateOrErrorResponseWrapper was created. See issues SEC-398 and SEC-2005.

Sub-classes should implement the saveContext(SecurityContext context) method.

Support is also provided for disabling URL rewriting.

Since:
3.0
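
An added example, not part of the Spring Security documentation or code base: a minimal subclass that implements saveContext(SecurityContext), used from a servlet filter that saves the context explicitly when the response was never committed. The names ExampleContextSavingFilter, SessionSavingWrapper and the session attribute EXAMPLE_SECURITY_CONTEXT are hypothetical.

```java
import java.io.IOException;
import javax.servlet.*;
import javax.servlet.http.*;
import org.springframework.security.core.context.SecurityContext;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.web.context.SaveContextOnUpdateOrErrorResponseWrapper;

// Hypothetical filter, for illustration only.
public class ExampleContextSavingFilter implements Filter {
    static final String ATTR = "EXAMPLE_SECURITY_CONTEXT"; // hypothetical attribute name

    static class SessionSavingWrapper extends SaveContextOnUpdateOrErrorResponseWrapper {
        private final HttpServletRequest request;

        SessionSavingWrapper(HttpServletRequest request, HttpServletResponse response) {
            // true: the encodeURL()/encodeRedirectURL() family become null operations,
            // so the session identifier is never added as a URL parameter.
            super(response, true);
            this.request = request;
        }

        @Override
        protected void saveContext(SecurityContext context) {
            // Invoked by the base class before sendError(), sendRedirect() or a flush
            // is passed on, so a session can still be created at this point.
            if (context.getAuthentication() == null) { return; } // nothing worth storing
            request.getSession(true).setAttribute(ATTR, context);
        }
    }

    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        SessionSavingWrapper wrapper =
                new SessionSavingWrapper((HttpServletRequest) req, (HttpServletResponse) res);
        try {
            chain.doFilter(req, wrapper);
        } finally {
            // No redirect, error or flush happened, so the wrapper has not saved yet:
            // store the current thread's context explicitly.
            if (!wrapper.isContextSaved()) {
                wrapper.saveContext(SecurityContextHolder.getContext());
            }
        }
    }

    public void init(FilterConfig config) {}
    public void destroy() {}
}
```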

Field Summary
 
Fields inherited from interface javax.servlet.http.HttpServletResponse
SC_ACCEPTED, SC_BAD_GATEWAY, SC_BAD_REQUEST, SC_CONFLICT, SC_CONTINUE, SC_CREATED, SC_EXPECTATION_FAILED, SC_FORBIDDEN, SC_FOUND, SC_GATEWAY_TIMEOUT, SC_GONE, SC_HTTP_VERSION_NOT_SUPPORTED, SC_INTERNAL_SERVER_ERROR, SC_LENGTH_REQUIRED, SC_METHOD_NOT_ALLOWED, SC_MOVED_PERMANENTLY, SC_MOVED_TEMPORARILY, SC_MULTIPLE_CHOICES, SC_NO_CONTENT, SC_NON_AUTHORITATIVE_INFORMATION, SC_NOT_ACCEPTABLE, SC_NOT_FOUND, SC_NOT_IMPLEMENTED, SC_NOT_MODIFIED, SC_OK, SC_PARTIAL_CONTENT, SC_PAYMENT_REQUIRED, SC_PRECONDITION_FAILED, SC_PROXY_AUTHENTICATION_REQUIRED, SC_REQUEST_ENTITY_TOO_LARGE, SC_REQUEST_TIMEOUT, SC_REQUEST_URI_TOO_LONG, SC_REQUESTED_RANGE_NOT_SATISFIABLE, SC_RESET_CONTENT, SC_SEE_OTHER, SC_SERVICE_UNAVAILABLE, SC_SWITCHING_PROTOCOLS, SC_TEMPORARY_REDIRECT, SC_UNAUTHORIZED, SC_UNSUPPORTED_MEDIA_TYPE, SC_USE_PROXY
 
Constructor Summary
SaveContextOnUpdateOrErrorResponseWrapper(javax.servlet.http.HttpServletResponse response, boolean disableUrlRewriting)
           
 
Method Summary
 void disableSaveOnResponseCommitted()
          Invoke this method to disable automatic saving of the SecurityContext when the HttpServletResponse is committed.
 String encodeRedirectUrl(String url)
           
 String encodeRedirectURL(String url)
           
 String encodeUrl(String url)
           
 String encodeURL(String url)
           
 void flushBuffer()
          Makes sure the context is stored before calling the superclass flushBuffer()
 javax.servlet.ServletOutputStream getOutputStream()
          Makes sure the context is stored before calling getOutputStream().close() or getOutputStream().flush()
 PrintWriter getWriter()
          Makes sure the context is stored before calling getWriter().close() or getWriter().flush()
 boolean isContextSaved()
          Tells if the response wrapper has called saveContext() because of this wrapper.
protected abstract  void saveContext(SecurityContext context)
          Implements the logic for storing the security context.
 void sendError(int sc)
          Makes sure the session is updated before calling the superclass sendError()
 void sendError(int sc, String msg)
          Makes sure the session is updated before calling the superclass sendError()
 void sendRedirect(String location)
          Makes sure the context is stored before calling the superclass sendRedirect()
 
Methods inherited from class javax.servlet.http.HttpServletResponseWrapper
addCookie, addDateHeader, addHeader, addIntHeader, containsHeader, getHeader, getHeaderNames, getHeaders, getStatus, setDateHeader, setHeader, setIntHeader, setStatus, setStatus
 
Methods inherited from class javax.servlet.ServletResponseWrapper
getBufferSize, getCharacterEncoding, getContentType, getLocale, getResponse, isCommitted, isWrapperFor, isWrapperFor, reset, resetBuffer, setBufferSize, setCharacterEncoding, setContentLength, setContentType, setLocale, setResponse
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 
Methods inherited from interface javax.servlet.ServletResponse
getBufferSize, getCharacterEncoding, getContentType, getLocale, isCommitted, reset, resetBuffer, setBufferSize, setCharacterEncoding, setContentLength, setContentType, setLocale
 

Constructor Detail

SaveContextOnUpdateOrErrorResponseWrapper

public SaveContextOnUpdateOrErrorResponseWrapper(javax.servlet.http.HttpServletResponse response,
                                                 boolean disableUrlRewriting)
Parameters:
response - the response to be wrapped
disableUrlRewriting - turns the URL encoding methods into null operations, preventing the use of URL rewriting to add the session identifier as a URL parameter.

Method Detail

disableSaveOnResponseCommitted

public void disableSaveOnResponseCommitted()
Invoke this method to disable automatic saving of the SecurityContext when the HttpServletResponse is committed. This can be useful when async web requests are made, which may no longer have the SecurityContext available.


saveContext

protected abstract void saveContext(SecurityContext context)
Implements the logic for storing the security context.

Parameters:
context - the SecurityContext instance to store

sendError

public final void sendError(int sc)
                     throws IOException
Makes sure the session is updated before calling the superclass sendError()

Specified by:
sendError in interface javax.servlet.http.HttpServletResponse
Overrides:
sendError in class javax.servlet.http.HttpServletResponseWrapper
Throws:
IOException

sendError

public final void sendError(int sc,
                            String msg)
                     throws IOException
Makes sure the session is updated before calling the superclass sendError()

Specified by:
sendError in interface javax.servlet.http.HttpServletResponse
Overrides:
sendError in class javax.servlet.http.HttpServletResponseWrapper
Throws:
IOException

sendRedirect

public final void sendRedirect(String location)
                        throws IOException
Makes sure the context is stored before calling the superclass sendRedirect()

Specified by:
sendRedirect in interface javax.servlet.http.HttpServletResponse
Overrides:
sendRedirect in class javax.servlet.http.HttpServletResponseWrapper
Throws:
IOException

getOutputStream

public javax.servlet.ServletOutputStream getOutputStream()
                                                  throws IOException
Makes sure the context is stored before calling getOutputStream().close() or getOutputStream().flush()

Specified by:
getOutputStream in interface javax.servlet.ServletResponse
Overrides:
getOutputStream in class javax.servlet.ServletResponseWrapper
Throws:
IOException

getWriter

public PrintWriter getWriter()
                      throws IOException
Makes sure the context is stored before calling getWriter().close() or getWriter().flush()

Specified by:
getWriter in interface javax.servlet.ServletResponse
Overrides:
getWriter in class javax.servlet.ServletResponseWrapper
Throws:
IOException

flushBuffer

public void flushBuffer()
                 throws IOException
Makes sure the context is stored before calling the superclass flushBuffer()

Specified by:
flushBuffer in interface javax.servlet.ServletResponse
Overrides:
flushBuffer in class javax.servlet.ServletResponseWrapper
Throws:
IOException

encodeRedirectUrl

public final String encodeRedirectUrl(String url)
Specified by:
encodeRedirectUrl in interface javax.servlet.http.HttpServletResponse
Overrides:
encodeRedirectUrl in class javax.servlet.http.HttpServletResponseWrapper

encodeRedirectURL

public final String encodeRedirectURL(String url)
Specified by:
encodeRedirectURL in interface javax.servlet.http.HttpServletResponse
Overrides:
encodeRedirectURL in class javax.servlet.http.HttpServletResponseWrapper

encodeUrl

public final String encodeUrl(String url)
Specified by:
encodeUrl in interface javax.servlet.http.HttpServletResponse
Overrides:
encodeUrl in class javax.servlet.http.HttpServletResponseWrapper

encodeURL

public final String encodeURL(String url)
Specified by:
encodeURL in interface javax.servlet.http.HttpServletResponse
Overrides:
encodeURL in class javax.servlet.http.HttpServletResponseWrapper

isContextSaved

public final boolean isContextSaved()
Tells if the response wrapper has called saveContext() because of this wrapper.