public abstract class AbstractAuthenticationTargetUrlRequestHandler
extends java.lang.Object
Authentication
object as part of the contract. See
AuthenticationSuccessHandler
and
LogoutSuccessHandler
, for example.
Uses the following logic sequence to determine how it should handle the forward/redirect
alwaysUseDefaultTargetUrl
property is set to true, the
defaultTargetUrl
property will be used for the destination.targetUrlParameter
has been set on the
request, the value will be used as the destination. If you are enabling this
functionality, then you should ensure that the parameter cannot be used by an attacker
to redirect the user to a malicious site (by clicking on a URL with the parameter
included, for example). Typically it would be used when the parameter is included in
the login form and submitted with the username and password.useReferer
property is set, the "Referer" HTTP header value will be
used, if present.defaultTargetUrl
value will be used.Modifier and Type | Field and Description |
---|---|
protected org.apache.commons.logging.Log |
logger |
Modifier | Constructor and Description |
---|---|
protected |
AbstractAuthenticationTargetUrlRequestHandler() |
Modifier and Type | Method and Description |
---|---|
protected java.lang.String |
determineTargetUrl(javax.servlet.http.HttpServletRequest request,
javax.servlet.http.HttpServletResponse response)
Builds the target URL according to the logic defined in the main class Javadoc.
|
protected java.lang.String |
determineTargetUrl(javax.servlet.http.HttpServletRequest request,
javax.servlet.http.HttpServletResponse response,
Authentication authentication)
Builds the target URL according to the logic defined in the main class Javadoc
|
protected java.lang.String |
getDefaultTargetUrl()
Supplies the default target Url that will be used if no saved request is found or
the
alwaysUseDefaultTargetUrl property is set to true. |
protected RedirectStrategy |
getRedirectStrategy() |
protected java.lang.String |
getTargetUrlParameter() |
protected void |
handle(javax.servlet.http.HttpServletRequest request,
javax.servlet.http.HttpServletResponse response,
Authentication authentication)
Invokes the configured
RedirectStrategy with the URL returned by the
determineTargetUrl method. |
protected boolean |
isAlwaysUseDefaultTargetUrl() |
void |
setAlwaysUseDefaultTargetUrl(boolean alwaysUseDefaultTargetUrl)
If
true , will always redirect to the value of defaultTargetUrl
(defaults to false ). |
void |
setDefaultTargetUrl(java.lang.String defaultTargetUrl)
Supplies the default target Url that will be used if no saved request is found in
the session, or the
alwaysUseDefaultTargetUrl property is set to true. |
void |
setRedirectStrategy(RedirectStrategy redirectStrategy)
Allows overriding of the behaviour when redirecting to a target URL.
|
void |
setTargetUrlParameter(java.lang.String targetUrlParameter)
If this property is set, the current request will be checked for this a parameter
with this name and the value used as the target URL if present.
|
void |
setUseReferer(boolean useReferer)
If set to
true the Referer header will be used (if available). |
protected AbstractAuthenticationTargetUrlRequestHandler()
protected void handle(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, Authentication authentication) throws java.io.IOException, javax.servlet.ServletException
RedirectStrategy
with the URL returned by the
determineTargetUrl
method.
The redirect will not be performed if the response has already been committed.
java.io.IOException
javax.servlet.ServletException
protected java.lang.String determineTargetUrl(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, Authentication authentication)
protected java.lang.String determineTargetUrl(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response)
protected final java.lang.String getDefaultTargetUrl()
alwaysUseDefaultTargetUrl
property is set to true. If not set, defaults
to /
.public void setDefaultTargetUrl(java.lang.String defaultTargetUrl)
alwaysUseDefaultTargetUrl
property is set to true. If
not set, defaults to /
. It will be treated as relative to the web-app's
context path, and should include the leading /
. Alternatively,
inclusion of a scheme name (such as "http://" or "https://") as the prefix will
denote a fully-qualified URL and this is also supported.defaultTargetUrl
- public void setAlwaysUseDefaultTargetUrl(boolean alwaysUseDefaultTargetUrl)
true
, will always redirect to the value of defaultTargetUrl
(defaults to false
).protected boolean isAlwaysUseDefaultTargetUrl()
public void setTargetUrlParameter(java.lang.String targetUrlParameter)
targetUrlParameter
- the name of the parameter containing the encoded target
URL. Defaults to null.protected java.lang.String getTargetUrlParameter()
public void setRedirectStrategy(RedirectStrategy redirectStrategy)
protected RedirectStrategy getRedirectStrategy()
public void setUseReferer(boolean useReferer)
true
the Referer
header will be used (if available).
Defaults to false
.