Package org.springframework.security.web.util

Class UrlUtils

  • public final class UrlUtils
extends java.lang.Object
    Provides static methods for composing URLs.

    Placed into a separate class for visibility, so that changes to URL formatting conventions will affect all users.

    • Method Summary

      All Methods Static Methods Concrete Methods 
      Modifier and Type Method Description
      static java.lang.String buildFullRequestUrl​(java.lang.String scheme, java.lang.String serverName, int serverPort, java.lang.String requestURI, java.lang.String queryString)
      Obtains the full URL the client used to make the request.
      static java.lang.String buildFullRequestUrl​(javax.servlet.http.HttpServletRequest r)  
      static java.lang.String buildRequestUrl​(javax.servlet.http.HttpServletRequest r)
      Obtains the web application-specific fragment of the request URL.
      static boolean isAbsoluteUrl​(java.lang.String url)
      Decides if a URL is absolute based on whether it contains a valid scheme name, as defined in RFC 1738.
      static boolean isValidRedirectUrl​(java.lang.String url)
      Returns true if the supplied URL starts with a "/" or is absolute.

      • Methods inherited from class java.lang.Object

        clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

    • Method Detail

      • buildFullRequestUrl

        public static java.lang.String buildFullRequestUrl​(javax.servlet.http.HttpServletRequest r)

      • buildFullRequestUrl

        public static java.lang.String buildFullRequestUrl​(java.lang.String scheme,
                                                   java.lang.String serverName,
                                                   int serverPort,
                                                   java.lang.String requestURI,
                                                   java.lang.String queryString)
        Obtains the full URL the client used to make the request.

        Note that the server port will not be shown if it is the default server port for HTTP or HTTPS (80 and 443 respectively).

        Returns:
        the full URL, suitable for redirects (not decoded).

      • buildRequestUrl

        public static java.lang.String buildRequestUrl​(javax.servlet.http.HttpServletRequest r)
        Obtains the web application-specific fragment of the request URL.

        Under normal spec conditions, 

         requestURI = contextPath + servletPath + pathInfo
        But the requestURI is not decoded, whereas the servletPath and pathInfo are (SEC-1255). This method is typically used to return a URL for matching against secured paths, hence the decoded form is used in preference to the requestURI for building the returned value. But this method may also be called using dummy request objects which just have the requestURI and contextPatth set, for example, so it will fall back to using those.
        Returns:
        the decoded URL, excluding any server name, context path or servlet path

      • isValidRedirectUrl

        public static boolean isValidRedirectUrl​(java.lang.String url)
        Returns true if the supplied URL starts with a "/" or is absolute.

      • isAbsoluteUrl

        public static boolean isAbsoluteUrl​(java.lang.String url)
        Decides if a URL is absolute based on whether it contains a valid scheme name, as defined in RFC 1738.