public abstract class AbstractAuthenticationTargetUrlRequestHandler
extends java.lang.Object
Authentication object as part of the contract. See
 AuthenticationSuccessHandler and
 LogoutSuccessHandler, for example.
 Uses the following logic sequence to determine how it should handle the forward/redirect
alwaysUseDefaultTargetUrl property is set to true, the
 defaultTargetUrl property will be used for the destination.targetUrlParameter has been set on the
 request, the value will be used as the destination. If you are enabling this
 functionality, then you should ensure that the parameter cannot be used by an attacker
 to redirect the user to a malicious site (by clicking on a URL with the parameter
 included, for example). Typically it would be used when the parameter is included in
 the login form and submitted with the username and password.useReferer property is set, the "Referer" HTTP header value will be
 used, if present.defaultTargetUrl value will be used.| Modifier and Type | Field and Description | 
|---|---|
| protected org.apache.commons.logging.Log | logger | 
| Modifier | Constructor and Description | 
|---|---|
| protected  | AbstractAuthenticationTargetUrlRequestHandler() | 
| Modifier and Type | Method and Description | 
|---|---|
| protected java.lang.String | determineTargetUrl(javax.servlet.http.HttpServletRequest request,
                  javax.servlet.http.HttpServletResponse response)Builds the target URL according to the logic defined in the main class Javadoc. | 
| protected java.lang.String | determineTargetUrl(javax.servlet.http.HttpServletRequest request,
                  javax.servlet.http.HttpServletResponse response,
                  Authentication authentication)Builds the target URL according to the logic defined in the main class Javadoc | 
| protected java.lang.String | getDefaultTargetUrl()Supplies the default target Url that will be used if no saved request is found or
 the  alwaysUseDefaultTargetUrlproperty is set to true. | 
| protected RedirectStrategy | getRedirectStrategy() | 
| protected java.lang.String | getTargetUrlParameter() | 
| protected void | handle(javax.servlet.http.HttpServletRequest request,
      javax.servlet.http.HttpServletResponse response,
      Authentication authentication)Invokes the configured  RedirectStrategywith the URL returned by thedetermineTargetUrlmethod. | 
| protected boolean | isAlwaysUseDefaultTargetUrl() | 
| void | setAlwaysUseDefaultTargetUrl(boolean alwaysUseDefaultTargetUrl)If  true, will always redirect to the value ofdefaultTargetUrl(defaults tofalse). | 
| void | setDefaultTargetUrl(java.lang.String defaultTargetUrl)Supplies the default target Url that will be used if no saved request is found in
 the session, or the  alwaysUseDefaultTargetUrlproperty is set to true. | 
| void | setRedirectStrategy(RedirectStrategy redirectStrategy)Allows overriding of the behaviour when redirecting to a target URL. | 
| void | setTargetUrlParameter(java.lang.String targetUrlParameter)If this property is set, the current request will be checked for this a parameter
 with this name and the value used as the target URL if present. | 
| void | setUseReferer(boolean useReferer)If set to  truetheRefererheader will be used (if available). | 
protected AbstractAuthenticationTargetUrlRequestHandler()
protected void handle(javax.servlet.http.HttpServletRequest request,
                      javax.servlet.http.HttpServletResponse response,
                      Authentication authentication)
               throws java.io.IOException,
                      javax.servlet.ServletException
RedirectStrategy with the URL returned by the
 determineTargetUrl method.
 The redirect will not be performed if the response has already been committed.
java.io.IOExceptionjavax.servlet.ServletExceptionprotected java.lang.String determineTargetUrl(javax.servlet.http.HttpServletRequest request,
                                              javax.servlet.http.HttpServletResponse response,
                                              Authentication authentication)
protected java.lang.String determineTargetUrl(javax.servlet.http.HttpServletRequest request,
                                              javax.servlet.http.HttpServletResponse response)
protected final java.lang.String getDefaultTargetUrl()
alwaysUseDefaultTargetUrl property is set to true. If not set, defaults
 to /.public void setDefaultTargetUrl(java.lang.String defaultTargetUrl)
alwaysUseDefaultTargetUrl property is set to true. If
 not set, defaults to /. It will be treated as relative to the web-app's
 context path, and should include the leading /. Alternatively,
 inclusion of a scheme name (such as "http://" or "https://") as the prefix will
 denote a fully-qualified URL and this is also supported.defaultTargetUrl - public void setAlwaysUseDefaultTargetUrl(boolean alwaysUseDefaultTargetUrl)
true, will always redirect to the value of defaultTargetUrl
 (defaults to false).protected boolean isAlwaysUseDefaultTargetUrl()
public void setTargetUrlParameter(java.lang.String targetUrlParameter)
targetUrlParameter - the name of the parameter containing the encoded target
 URL. Defaults to null.protected java.lang.String getTargetUrlParameter()
public void setRedirectStrategy(RedirectStrategy redirectStrategy)
protected RedirectStrategy getRedirectStrategy()
public void setUseReferer(boolean useReferer)
true the Referer header will be used (if available).
 Defaults to false.