Class LocalRedirectStrategy

java.lang.Object
org.broadleafcommerce.common.security.LocalRedirectStrategy
All Implemented Interfaces:
org.springframework.security.web.RedirectStrategy

public class LocalRedirectStrategy extends Object implements org.springframework.security.web.RedirectStrategy
This class ensures that when the successUrl or failureUrl request parameter is used, the URLs are valid and local to the application (preventing a user from modifying them to redirect somewhere else on login success or failure).
  • Constructor Details

    • LocalRedirectStrategy

      public LocalRedirectStrategy()
  • Method Details

    • sendRedirect

      public void sendRedirect(jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response, String url) throws IOException
      Specified by:
      sendRedirect in interface org.springframework.security.web.RedirectStrategy
      Throws:
      IOException
    • calculateRedirectUrl

      protected String calculateRedirectUrl(String contextPath, String url)
      Create the redirect url
      Parameters:
      contextPath -
      url -
      Returns:
    • validateRedirectUrl

      protected void validateRedirectUrl(String contextPath, String url, String requestServerName, int requestServerPort) throws MalformedURLException
      Ensure the url is valid (must begin with http or https) and local to the application
      Parameters:
      contextPath - the application context path
      url - the url to validate
      requestServerName - the server name of the request
      requestServerPort - the port of the request
      Throws:
      MalformedURLException - if the url is invalid
    • setEnforcePortMatch

      public void setEnforcePortMatch(boolean enforcePortMatch)
      This forces the redirect url port to match the request port. This could be problematic when switching between secure and non-secure (e.g. http://localhost:8080 to https://localhost:8443)
      Parameters:
      enforcePortMatch -
    • setContextRelative

      public void setContextRelative(boolean contextRelative)
      Set whether or not the context should be included in the redirect path. If true, the context is excluded from the generated path, otherwise it is included.
      Parameters:
      contextRelative -
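
The checks documented for validateRedirectUrl and setEnforcePortMatch, written out as an added stand-alone example; this is not Broadleaf's implementation. It assumes "local" means the same host as the request, the same port when port matching is enforced, and a path under the context path. The class name LocalRedirectCheck, the validate helper and the sample hosts are hypothetical.

```java
import java.net.MalformedURLException;
import java.net.URI;
import java.net.URISyntaxException;

public class LocalRedirectCheck {

    // Hypothetical helper (not Broadleaf code) applying the documented checks.
    static void validate(String contextPath, String url, String serverName,
                         int serverPort, boolean enforcePortMatch) throws MalformedURLException {
        URI uri;
        try {
            uri = new URI(url).normalize(); // resolve "." and ".." before the path check
        } catch (URISyntaxException e) {
            throw new MalformedURLException("unparseable url");
        }
        String scheme = uri.getScheme();
        boolean http = "http".equalsIgnoreCase(scheme);
        if (!http && !"https".equalsIgnoreCase(scheme)) {
            throw new MalformedURLException("must begin with http or https");
        }
        // getHost() excludes any userinfo before '@', so "host@other" compares as "other".
        if (uri.getHost() == null || !uri.getHost().equalsIgnoreCase(serverName)) {
            throw new MalformedURLException("host is not the request host");
        }
        // An omitted port means the scheme default, which is why http vs https can mismatch.
        int port = uri.getPort() != -1 ? uri.getPort() : (http ? 80 : 443);
        if (enforcePortMatch && port != serverPort) {
            throw new MalformedURLException("port does not match the request port");
        }
        String path = uri.getRawPath() == null ? "" : uri.getRawPath();
        if (!path.equals(contextPath) && !path.startsWith(contextPath + "/")) {
            throw new MalformedURLException("path is outside the context path");
        }
    }

    public static void main(String[] args) {
        // Constructed samples; the request is assumed to be shop.example.com:8443, context /shop.
        String[] samples = {
            "https://shop.example.com:8443/shop/account",
            "https://shop.example.com/shop/account",
            "https://shop.example.com@other.example/shop/account",
            "//other.example/shop/account",
            "https://shop.example.com:8443/shop/../admin"
        };
        for (String s : samples) {
            try {
                validate("/shop", s, "shop.example.com", 8443, true);
                System.out.println("accepted: " + s);
            } catch (MalformedURLException e) {
                System.out.println("rejected: " + s + " (" + e.getMessage() + ")");
            }
        }
    }
}
```

The second sample shows the caveat noted for setEnforcePortMatch: a same-host URL on the default https port is rejected when the request arrived on 8443.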