1 /* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
2 *
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 package org.springframework.security.ui;
17
18 import java.io.UnsupportedEncodingException;
19 import java.net.URLDecoder;
20
21 import javax.servlet.http.HttpServletRequest;
22
23 import org.springframework.security.Authentication;
24 import org.springframework.security.ui.savedrequest.SavedRequest;
25 import org.springframework.util.Assert;
26 import org.springframework.util.StringUtils;
27
28
29 /**
30 * Default implementation for {@link TargetUrlResolver}
31 * <p>
32 * Returns a target URL based from the contents of the configured <tt>targetUrlParameter</tt> if present on
33 * the current request. Failing that, the SavedRequest in the session will be used.
34 *
35 * @author Martino Piccinato
36 * @author Luke Taylor
37 * @version $Id: TargetUrlResolverImpl.java 3108 2008-05-30 17:53:09Z luke_t $
38 * @since 2.0
39 *
40 */
41 public class TargetUrlResolverImpl implements TargetUrlResolver {
42 public static String DEFAULT_TARGET_PARAMETER = "spring-security-redirect";
43
44 /* SEC-213 */
45 private String targetUrlParameter = DEFAULT_TARGET_PARAMETER;
46
47 /**
48 * If <code>true</code>, will only use <code>SavedRequest</code> to determine the target URL on successful
49 * authentication if the request that caused the authentication request was a GET.
50 * It will then return null for a POST/PUT request.
51 * Defaults to false.
52 */
53 private boolean justUseSavedRequestOnGet = false;
54
55 /* (non-Javadoc)
56 * @see org.acegisecurity.ui.TargetUrlResolver#determineTargetUrl(org.acegisecurity.ui.savedrequest.SavedRequest, javax.servlet.http.HttpServletRequest, org.acegisecurity.Authentication)
57 */
58 public String determineTargetUrl(SavedRequest savedRequest, HttpServletRequest currentRequest,
59 Authentication auth) {
60
61 String targetUrl = currentRequest.getParameter(targetUrlParameter);
62
63 if (StringUtils.hasText(targetUrl)) {
64 try {
65 return URLDecoder.decode(targetUrl, "UTF-8");
66 } catch (UnsupportedEncodingException e) {
67 throw new IllegalStateException("UTF-8 not supported. Shouldn't be possible");
68 }
69 }
70
71 if (savedRequest != null) {
72 if (!justUseSavedRequestOnGet || savedRequest.getMethod().equals("GET")) {
73 targetUrl = savedRequest.getFullRequestUrl();
74 }
75 }
76
77 return targetUrl;
78 }
79
80 /**
81 * @return <code>true</code> if just GET request will be used
82 * to determine target URLs, <code>false</code> otherwise.
83 */
84 protected boolean isJustUseSavedRequestOnGet() {
85 return justUseSavedRequestOnGet;
86 }
87
88 /**
89 * @param justUseSavedRequestOnGet set to <code>true</code> if
90 * just GET request will be used to determine target URLs,
91 * <code>false</code> otherwise.
92 */
93 public void setJustUseSavedRequestOnGet(boolean justUseSavedRequestOnGet) {
94 this.justUseSavedRequestOnGet = justUseSavedRequestOnGet;
95 }
96
97
98 /**
99 * Before checking the SavedRequest, the current request will be checked for this parameter
100 * and the value used as the target URL if resent.
101 *
102 * @param targetUrlParameter the name of the parameter containing the encoded target URL. Defaults
103 * to "redirect".
104 */
105 public void setTargetUrlParameter(String targetUrlParameter) {
106 Assert.hasText("targetUrlParamete canot be null or empty");
107 this.targetUrlParameter = targetUrlParameter;
108 }
109 }