Usage examples for org.springframework.security.web.util.UrlUtils.isValidRedirectUrl
public static boolean isValidRedirectUrl(String url)
From source file:com.gst.infrastructure.security.service.CustomAuthenticationFailureHandler.java
/**
 * Sets the URL used as the destination after a failed authentication.
 *
 * <p>The value is accepted only when {@code UrlUtils.isValidRedirectUrl} approves it. That
 * call checks the form of the string (a leading {@code /} or an absolute URL), not where it
 * points, so the value is expected to come from trusted configuration.
 *
 * @param defaultFailureUrl
 *            the failure URL, for example "/loginFailed.jsp".
 */
public void setDefaultFailureUrl(final String defaultFailureUrl) {
    final boolean wellFormed = UrlUtils.isValidRedirectUrl(defaultFailureUrl);
    final String rejection = "'" + defaultFailureUrl + "' is not a valid redirect URL";
    Assert.isTrue(wellFormed, rejection);
    this.defaultFailureUrl = defaultFailureUrl;
}
From source file:org.vaadin.spring.security.shared.AbstractVaadinAuthenticationTargetUrlRequestHandler.java
/**
 * Sets the default target URL, used when no saved request is found in the session or when
 * the {@code alwaysUseDefaultTargetUrl} property is set to true. If not set, defaults to
 * {@code /}.
 *
 * <p>A value with a leading {@code /} is treated as relative to the web-app's context path.
 * A value that begins with a scheme name (such as "http://" or "https://") denotes a
 * fully-qualified URL and is also supported. The assertion below checks that form only; it
 * places no restriction on the host of a fully-qualified URL.
 *
 * @param defaultTargetUrl the default target URL
 */
public void setDefaultTargetUrl(String defaultTargetUrl) {
    boolean wellFormed = UrlUtils.isValidRedirectUrl(defaultTargetUrl);
    Assert.isTrue(wellFormed, "defaultTarget must start with '/' or with 'http(s)'");
    this.defaultTargetUrl = defaultTargetUrl;
}
From source file:com.htmlhifive.visualeditor.resource.CustomGenericUrlTreeFileResource.java
/**
 * Looks up the entry addressed by the request and returns its metadata, its child list, or a
 * {@code ResponseMessage}, depending on the request and on the entry.
 *
 * <p>(The original Javadoc and inline comments are garbled in this listing; the comments here
 * describe what the code does.)
 *
 * <ul>
 * <li>If the request carries a {@code "metadata"} entry, the metadata object from the first
 * {@code doGet(true, ...)} call is returned as is.</li>
 * <li>If the entry is a directory, its child list is returned.</li>
 * <li>If the metadata has a non-blank URL that passes {@code UrlUtils.isValidRedirectUrl}, a
 * response with status {@code SEE_OTHER} and that URL in the Location header is returned.</li>
 * <li>Otherwise the response carries the content type and download file name, with status
 * {@code NOT_MODIFIED}, or {@code OK} plus the data as body.</li>
 * </ul>
 *
 * @param requestMessage the request; read for the id, the If-Modified-Since value and the
 *            {@code "metadata"} flag
 * @return the metadata object, the child list, or a {@code ResponseMessage}
 * @throws AbstractResourceException declared by this method; which call raises it is not
 *             visible here
 */
@Override
public Object findById(RequestMessage requestMessage) throws AbstractResourceException {

    UrlTreeContext ctx = createContext(requestMessage);
    String path = getId(requestMessage);

    // If-Modified-Since value from the request; stays 0 when absent or unparsable.
    Object ifModifiedSinceObj = requestMessage.get(KEY_IF_MODIFIED_SINCE);
    logger.trace("[?]ifModifiedSince?" + ifModifiedSinceObj);

    // Builds a "key:value," dump of every entry in the request message for the trace log.
    // NOTE(review): this writes all request entries to the log when trace is on; if the
    // message can hold credentials or session tokens they end up there too — confirm.
    Set<String> headerKeys = requestMessage.keys();
    String headerKeysStr = "";
    for (Iterator<String> i = headerKeys.iterator(); i.hasNext();) {
        String key = i.next();
        headerKeysStr += key + ':' + requestMessage.get(key) + ',';
    }
    logger.trace("[?]requestMessage??" + headerKeysStr);

    boolean hasIfModifiedSince = ifModifiedSinceObj != null;
    boolean notModified = false;
    long ifModifiedSince = 0;
    if (hasIfModifiedSince) {
        try {
            // Parses the HTTP date format into epoch milliseconds.
            ifModifiedSince = new SimpleDateFormat("EEE, dd MMM yyyy HH:mm:ss zzz", Locale.ENGLISH)
                    .parse((String) ifModifiedSinceObj).getTime();
            logger.trace("[?]ifModifiedSince?getTime()" + ifModifiedSince);
        } catch (Exception e) {
            // Any failure (bad date text, or a value that is not a String) falls back to 0.
            logger.trace("[?]ifModifiedSince??" + ifModifiedSinceObj + e.getMessage());
            ifModifiedSince = 0;
        }
    }

    boolean metadataOnly = requestMessage.get("metadata") != null;

    // First fetch, with the first argument set to true.
    // presumably this is a metadata-only fetch; verify against urlTreeResource.doGet
    // NOTE(review): iterator().next() throws NoSuchElementException if doGet returns an
    // empty map — confirm doGet never does.
    Map<String, UrlTreeMetaData<InputStream>> urlTreeMetadataMap = urlTreeResource.doGet(true, ctx, path);
    UrlTreeMetaData<InputStream> urlTreeMetadata = urlTreeMetadataMap.values().iterator().next();

    logger.trace("[?]?updateTime:" + urlTreeMetadata.getUpdatedTime());

    // The entry counts as not modified only when its update time is strictly earlier than
    // the If-Modified-Since time.
    // NOTE(review): assumes getUpdatedTime() is epoch milliseconds — confirm. With '<', an
    // entry updated at exactly the If-Modified-Since instant is treated as modified.
    if (hasIfModifiedSince && urlTreeMetadata.getUpdatedTime() < ifModifiedSince) {
        logger.trace("[?]notModified???304?ifModifiedSince=" + ifModifiedSince + "updateTime="
                + urlTreeMetadata.getUpdatedTime());
        notModified = true;
    }

    // Status check on the metadata, before anything is returned.
    checkStatus(urlTreeMetadata, requestMessage);

    // TODO (original text garbled in this listing): concerns metadataOnly together with 304
    // handling. As written, the metadata-only path returns without consulting notModified.
    if (metadataOnly) {
        return urlTreeMetadata;
    } else if (!notModified) {
        // Second fetch, with the first argument set to false; skipped when not modified.
        urlTreeMetadata = urlTreeResource.doGet(false, ctx, path).values().iterator().next();
    }

    // Directories are answered with their child list.
    if (urlTreeMetadata.isDirectory()) {
        return urlTreeMetadata.getChildList();
    }

    // From here on the result is a ResponseMessage with its own header map.
    ResponseMessage responseMessage = new ResponseMessage(requestMessage);
    MessageMetadata messageMetadata = responseMessage.getMessageMetadata();
    Map<String, Object> headers = new HashMap<>();
    responseMessage.put(messageMetadata.RESPONSE_HEADER, headers);

    // If the metadata carries a URL, answer with a 303 redirect to it.
    // UrlUtils.isValidRedirectUrl checks only the form of the string (a leading '/' or an
    // absolute URL with a scheme); it does not limit the host.
    // NOTE(review): if the URL stored in the metadata can be set by untrusted users, this
    // Location header is an open redirect — confirm who writes getUrl() values, and
    // consider an allow-list of hosts if they are not fully trusted.
    String url = urlTreeMetadata.getUrl();
    if (StringUtils.isNotBlank(url) && UrlUtils.isValidRedirectUrl(url)) {
        responseMessage.put(messageMetadata.RESPONSE_STATUS, ResourceActionStatus.SEE_OTHER);
        headers.put(messageMetadata.HTTP_HEADER_LOCATION, url);
        return responseMessage;
    }

    // Content-Type header, taken from the metadata.
    headers.put(messageMetadata.HTTP_HEADER_CONTENT_TYPE, urlTreeMetadata.getContentType());

    // Download file name, taken from the metadata name.
    responseMessage.put(messageMetadata.RESPONSE_DOWNLOAD_FILE_NAME, urlTreeMetadata.getName());

    if (notModified) {
        // Not modified: status only, no RESPONSE_BODY is set.
        responseMessage.put(messageMetadata.RESPONSE_STATUS, ResourceActionStatus.NOT_MODIFIED);
    } else {
        responseMessage.put(messageMetadata.RESPONSE_STATUS, ResourceActionStatus.OK);
        responseMessage.put(messageMetadata.RESPONSE_BODY, urlTreeMetadata.getData());
    }

    return responseMessage;
}
From source file:org.fao.geonet.api.pages.PagesAPI.java
/**
 * Sets the page content from an uploaded file, from a link, or from both.
 *
 * <p>The file, when present and non-empty, is type-checked and stored first. The link is
 * then checked with {@code UrlUtils.isValidRedirectUrl}, so a rejected link is reported
 * after the page data has already been set. A {@code null} link is stored as {@code null}.
 *
 * <p>NOTE(review): {@code isValidRedirectUrl} accepts any value with a leading {@code /}
 * (scheme-relative {@code //host} values included) and any absolute URL, whatever its host.
 * If the link comes from API callers and is later used as a redirect or hyperlink target,
 * a scheme and host restriction may be wanted here — confirm how the stored link is used.
 *
 * @param data the file
 * @param link the link
 * @param page the page to set content
 * @throws IllegalArgumentException if a non-null link fails the URL check
 */
private void fillContent(final MultipartFile data, final String link, final Page page) {
    final boolean hasUpload = data != null && !data.isEmpty();
    if (hasUpload) {
        checkFileType(data);
        final byte[] uploaded;
        try {
            uploaded = data.getBytes();
        } catch (final Exception e) {
            // Wrap into managed exception
            throw new WebApplicationException(e);
        }
        page.setData(uploaded);
    }

    final boolean linkRejected = link != null && !UrlUtils.isValidRedirectUrl(link);
    if (linkRejected) {
        throw new IllegalArgumentException("The link provided is not valid");
    }
    page.setLink(link);
}
From source file:org.hx.rainbow.common.security.login.RainbowFailureHandler.java
/**
 * Sets the URL used as the failure destination.
 *
 * <p>The value must pass {@code UrlUtils.isValidRedirectUrl}, which checks the form of the
 * string only (a leading {@code /} or an absolute URL), not the target it names.
 *
 * @param defaultFailureUrl the failure URL
 */
public void setDefaultFailureUrl(String defaultFailureUrl) {
    boolean wellFormed = UrlUtils.isValidRedirectUrl(defaultFailureUrl);
    String rejection = "'" + defaultFailureUrl + "' is not a valid redirect URL";
    Assert.isTrue(wellFormed, rejection);
    this.defaultFailureUrl = defaultFailureUrl;
}
From source file:org.springframework.security.kerberos.web.authentication.SpnegoEntryPoint.java
/**
 * Instantiates a new spnego entry point. This constructor lets the security configuration
 * combine SPNEGO with a fallback page (login form, custom 401 page ...). The forward URL is
 * accessed with the provided HTTP method.
 *
 * <p>When {@code forwardUrl} has no text, forwarding is disabled and {@code forwardMethod}
 * is ignored. Otherwise the URL must pass {@code UrlUtils.isValidRedirectUrl} and must not
 * be absolute, which leaves only context-relative values.
 *
 * @param forwardUrl
 *            URL where the login page can be found. Should be relative to the web-app
 *            context path (include a leading {@code /}) and can't be absolute URL.
 * @param forwardMethod
 *            HTTP method to use when accessing the forward URL
 */
public SpnegoEntryPoint(String forwardUrl, HttpMethod forwardMethod) {
    if (!StringUtils.hasText(forwardUrl)) {
        // No usable forward URL: forwarding stays off.
        this.forwardUrl = null;
        this.forwardMethod = null;
        this.forward = false;
    } else {
        boolean wellFormed = UrlUtils.isValidRedirectUrl(forwardUrl);
        Assert.isTrue(wellFormed, "Forward url specified must be a valid forward URL");

        // The second check removes the absolute URLs that the first one lets through.
        boolean relative = !UrlUtils.isAbsoluteUrl(forwardUrl);
        Assert.isTrue(relative, "Forward url specified must not be absolute");

        Assert.notNull(forwardMethod, "Http method must be specified");

        this.forwardUrl = forwardUrl;
        this.forwardMethod = forwardMethod;
        this.forward = true;
    }
}
From source file:org.springframework.security.web.authentication.logout.LogoutFilter.java
/**
 * Creates the filter with the given handlers and a {@code SimpleUrlLogoutSuccessHandler}.
 *
 * <p>An empty or {@code null} {@code logoutSuccessUrl} is allowed. Any other value must pass
 * {@code UrlUtils.isValidRedirectUrl}, which checks the form of the string only. The
 * handler's default target URL is set only when the value has text.
 *
 * @param logoutSuccessUrl the URL handed to the success handler; may be empty
 * @param handlers the logout handlers; at least one is required
 */
public LogoutFilter(String logoutSuccessUrl, LogoutHandler... handlers) {
    Assert.notEmpty(handlers, "LogoutHandlers are required");
    this.handlers = Arrays.asList(handlers);

    boolean urlAcceptable = !StringUtils.hasLength(logoutSuccessUrl)
            || UrlUtils.isValidRedirectUrl(logoutSuccessUrl);
    Assert.isTrue(urlAcceptable, logoutSuccessUrl + " isn't a valid redirect URL");

    SimpleUrlLogoutSuccessHandler successHandler = new SimpleUrlLogoutSuccessHandler();
    if (StringUtils.hasText(logoutSuccessUrl)) {
        successHandler.setDefaultTargetUrl(logoutSuccessUrl);
    }
    logoutSuccessHandler = successHandler;

    setFilterProcessesUrl("/j_spring_security_logout");
}
From source file:org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler.java
/**
 * Sets the URL used as the failure destination.
 *
 * <p>The value must pass {@code UrlUtils.isValidRedirectUrl}, a check on the form of the
 * string rather than on its target. The failure message is built lazily, only when the
 * assertion needs it.
 *
 * @param defaultFailureUrl the failure URL, for example "/loginFailed.jsp".
 */
public void setDefaultFailureUrl(String defaultFailureUrl) {
    boolean wellFormed = UrlUtils.isValidRedirectUrl(defaultFailureUrl);
    Assert.isTrue(wellFormed, () -> {
        return "'" + defaultFailureUrl + "' is not a valid redirect URL";
    });
    this.defaultFailureUrl = defaultFailureUrl;
}
From source file:org.springframework.security.web.session.SimpleRedirectInvalidSessionStrategy.java
/**
 * Creates the strategy with the URL stored as its destination.
 *
 * <p>The URL must pass {@code UrlUtils.isValidRedirectUrl}. The check covers the form of
 * the string only, so the value is expected to come from trusted configuration.
 *
 * @param invalidSessionUrl the destination URL
 */
public SimpleRedirectInvalidSessionStrategy(String invalidSessionUrl) {
    boolean wellFormed = UrlUtils.isValidRedirectUrl(invalidSessionUrl);
    Assert.isTrue(wellFormed, "url must start with '/' or with 'http(s)'");
    this.destinationUrl = invalidSessionUrl;
}
From source file:org.springframework.security.web.session.SimpleRedirectSessionInformationExpiredStrategy.java
/**
 * Creates the strategy with a destination URL and the redirect strategy to use.
 *
 * <p>The URL must pass {@code UrlUtils.isValidRedirectUrl}, which checks the form of the
 * string only. The redirect strategy is stored as given; no null check is made here.
 *
 * @param invalidSessionUrl the destination URL
 * @param redirectStrategy the redirect strategy to store
 */
public SimpleRedirectSessionInformationExpiredStrategy(String invalidSessionUrl,
        RedirectStrategy redirectStrategy) {
    boolean wellFormed = UrlUtils.isValidRedirectUrl(invalidSessionUrl);
    Assert.isTrue(wellFormed, "url must start with '/' or with 'http(s)'");
    this.destinationUrl = invalidSessionUrl;
    this.redirectStrategy = redirectStrategy;
}