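/* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

package org.springframework.security.ui;

import java.io.UnsupportedEncodingException;
import java.net.URLDecoder;

import javax.servlet.http.HttpServletRequest;

import org.springframework.security.Authentication;
import org.springframework.security.ui.savedrequest.SavedRequest;
import org.springframework.util.Assert;
import org.springframework.util.StringUtils;


/**
 * Default implementation for {@link TargetUrlResolver}
 * <p>
 * Returns a target URL based on the contents of the configured <tt>targetUrlParameter</tt> if present on
 * the current request. Failing that, the SavedRequest in the session will be used.
 * <p>
 * Security note: the request parameter is supplied by the client and is returned here without any
 * check on scheme, host or path. Code that issues a redirect to the resolved URL should restrict it
 * to destinations the application expects (for example, paths within the application); otherwise
 * the login flow can be used to send an authenticated user to an arbitrary site.
 *
 * @author Martino Piccinato
 * @author Luke Taylor
 * @version $Id: TargetUrlResolverImpl.java 3108 2008-05-30 17:53:09Z luke_t $
 * @since 2.0
 *
 */
public class TargetUrlResolverImpl implements TargetUrlResolver {
    // NOTE(review): public and non-final, so any class can reassign it at runtime. Left unchanged
    // for source compatibility; instances copy the value once, when they are constructed.
    public static String DEFAULT_TARGET_PARAMETER = "spring-security-redirect";

    /* SEC-213 */
    private String targetUrlParameter = DEFAULT_TARGET_PARAMETER;

    /**
     * If <code>true</code>, will only use <code>SavedRequest</code> to determine the target URL on successful
     * authentication if the request that caused the authentication request was a GET.
     * It will then return null for a POST/PUT request.
     * Defaults to false.
     */
    private boolean justUseSavedRequestOnGet = false;

    /**
     * Resolves the URL to send the user to after a successful authentication.
     * <p>
     * The parameter named by <tt>targetUrlParameter</tt> on the current request takes precedence. Its
     * value is passed through {@link URLDecoder#decode(String, String)} before being returned; the
     * servlet container has normally decoded request parameters once already, so any validation done
     * by the caller must be applied to the value returned here, not to the raw parameter. A value
     * containing a malformed percent-escape may cause <code>URLDecoder</code> to throw an
     * <code>IllegalArgumentException</code>, which is not caught here.
     * <p>
     * If the parameter is absent or blank, the full URL of the saved request is used, subject to
     * <tt>justUseSavedRequestOnGet</tt>.
     *
     * @param savedRequest the request saved before authentication was triggered; may be <code>null</code>
     * @param currentRequest the request being processed
     * @param auth the successful authentication (not used by this implementation)
     * @return the resolved target URL; <code>null</code> or a blank string (the raw parameter value)
     *         if neither source yields one
     *
     * @see org.springframework.security.ui.TargetUrlResolver#determineTargetUrl(
     *      org.springframework.security.ui.savedrequest.SavedRequest,
     *      javax.servlet.http.HttpServletRequest, org.springframework.security.Authentication)
     */
    public String determineTargetUrl(SavedRequest savedRequest, HttpServletRequest currentRequest,
            Authentication auth) {

        // Client-controlled value: not validated in this class (see the class-level security note).
        String targetUrl = currentRequest.getParameter(targetUrlParameter);

        if (StringUtils.hasText(targetUrl)) {
            try {
                return URLDecoder.decode(targetUrl, "UTF-8");
            } catch (UnsupportedEncodingException e) {
                // Keep the original exception as the cause so the failure stays diagnosable.
                IllegalStateException failure =
                        new IllegalStateException("UTF-8 not supported. Shouldn't be possible");
                failure.initCause(e);
                throw failure;
            }
        }

        if (savedRequest != null) {
            // Constant-first comparison so a saved request without a method cannot cause an NPE.
            if (!justUseSavedRequestOnGet || "GET".equals(savedRequest.getMethod())) {
                targetUrl = savedRequest.getFullRequestUrl();
            }
        }

        return targetUrl;
    }

    /**
     * @return <code>true</code> if just GET request will be used
     * to determine target URLs, <code>false</code> otherwise.
     */
    protected boolean isJustUseSavedRequestOnGet() {
        return justUseSavedRequestOnGet;
    }

    /**
     * @param justUseSavedRequestOnGet set to <code>true</code> if
     * just GET request will be used to determine target URLs,
     * <code>false</code> otherwise.
     */
    public void setJustUseSavedRequestOnGet(boolean justUseSavedRequestOnGet) {
        this.justUseSavedRequestOnGet = justUseSavedRequestOnGet;
    }


    /**
     * Before checking the SavedRequest, the current request will be checked for this parameter
     * and the value used as the target URL if present.
     *
     * @param targetUrlParameter the name of the parameter containing the encoded target URL. Defaults
     * to {@link #DEFAULT_TARGET_PARAMETER} ("spring-security-redirect").
     * @throws IllegalArgumentException if the name is <code>null</code>, empty or only whitespace
     */
    public void setTargetUrlParameter(String targetUrlParameter) {
        // The original call passed only the message, so the assertion tested the message text
        // itself and could never fail; the argument under test must come first.
        Assert.hasText(targetUrlParameter, "targetUrlParameter cannot be null or empty");
        this.targetUrlParameter = targetUrlParameter;
    }
}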