public void afterPropertiesSet() throws Exception {
   Assert.isTrue(
       StringUtils.hasText(loginFormUrl) && UrlUtils.isValidRedirectUrl(loginFormUrl),
       "loginFormUrl must be specified and must be a valid redirect URL");
   if (useForward && UrlUtils.isAbsoluteUrl(loginFormUrl)) {
     throw new IllegalArgumentException(
         "useForward must be false if using an absolute loginFormURL");
   }
   Assert.notNull(portMapper, "portMapper must be specified");
   Assert.notNull(portResolver, "portResolver must be specified");
 }
 /**
  * Checks the value of an XML attribute which represents a redirect URL. If not empty or starting
  * with "$" (potential placeholder), "/" or "http" it will raise an error.
  */
 static void validateHttpRedirect(String url, ParserContext pc, Object source) {
   if (!StringUtils.hasText(url) || UrlUtils.isValidRedirectUrl(url) || url.startsWith("$")) {
     return;
   }
   pc.getReaderContext()
       .warning(url + " is not a valid redirect URL (must start with '/' or http(s))", source);
 }
 @Override
 public void afterPropertiesSet() {
   Assert.notNull(sessionRegistry, "SessionRegistry required");
   Assert.isTrue(
       expiredUrl == null || UrlUtils.isValidRedirectUrl(expiredUrl),
       expiredUrl + " isn't a valid redirect URL");
 }
 public ConcurrentSessionFilter(SessionRegistry sessionRegistry, String expiredUrl) {
   Assert.notNull(sessionRegistry, "SessionRegistry required");
   Assert.isTrue(
       expiredUrl == null || UrlUtils.isValidRedirectUrl(expiredUrl),
       expiredUrl + " isn't a valid redirect URL");
   this.sessionRegistry = sessionRegistry;
   this.expiredUrl = expiredUrl;
 }
Esempio n. 5
0
 public static String getJenkinsUrl(HttpServletRequest req) {
   String jenkinsUrl = getJenkinsUrl();
   if (jenkinsUrl == null) {
     jenkinsUrl =
         UrlUtils.buildFullRequestUrl(
                 req.getScheme(),
                 req.getServerName(),
                 req.getServerPort(),
                 req.getContextPath(),
                 null)
             + "/";
   }
   return jenkinsUrl;
 }
 protected String calculateRelativeRedirectUrl(final String contextPath, final String url) {
   if (UrlUtils.isAbsoluteUrl(url)) {
     String relUrl = url.substring(url.indexOf("://") + 3);
     String modifiedContextPath = contextPath;
     final String urlEncodingAttributes =
         getSessionService().getAttribute(WebConstants.URL_ENCODING_ATTRIBUTES);
     if (urlEncodingAttributes != null
         && !url.contains(urlEncodingAttributes)
         && modifiedContextPath.contains(urlEncodingAttributes)) {
       modifiedContextPath = StringUtils.remove(modifiedContextPath, urlEncodingAttributes);
     }
     if (StringUtils.isEmpty(relUrl) || StringUtils.isEmpty(modifiedContextPath)) {
       relUrl = "/";
     } else {
       relUrl =
           relUrl.substring(relUrl.indexOf(modifiedContextPath) + modifiedContextPath.length());
     }
     return relUrl;
   } else {
     return url;
   }
 }
  /*
   * (non-Javadoc)
   *
   * @see
   * org.springframework.web.filter.OncePerRequestFilter#doFilterInternal(javax.servlet
   * .http.HttpServletRequest, javax.servlet.http.HttpServletResponse,
   * javax.servlet.FilterChain)
   */
  @Override
  protected void doFilterInternal(
      HttpServletRequest request, HttpServletResponse response, FilterChain filterChain)
      throws ServletException, IOException {
    CsrfToken csrfToken = tokenRepository.loadToken(request);
    final boolean missingToken = csrfToken == null;
    if (missingToken) {
      CsrfToken generatedToken = tokenRepository.generateToken(request);
      csrfToken = new SaveOnAccessCsrfToken(tokenRepository, request, response, generatedToken);
    }
    request.setAttribute(CsrfToken.class.getName(), csrfToken);
    request.setAttribute(csrfToken.getParameterName(), csrfToken);

    if (!requireCsrfProtectionMatcher.matches(request)) {
      filterChain.doFilter(request, response);
      return;
    }

    String actualToken = request.getHeader(csrfToken.getHeaderName());
    if (actualToken == null) {
      actualToken = request.getParameter(csrfToken.getParameterName());
    }
    if (!csrfToken.getToken().equals(actualToken)) {
      if (logger.isDebugEnabled()) {
        logger.debug("Invalid CSRF token found for " + UrlUtils.buildFullRequestUrl(request));
      }
      if (missingToken) {
        accessDeniedHandler.handle(request, response, new MissingCsrfTokenException(actualToken));
      } else {
        accessDeniedHandler.handle(
            request, response, new InvalidCsrfTokenException(csrfToken, actualToken));
      }
      return;
    }

    filterChain.doFilter(request, response);
  }
  protected String buildRedirectUrlToLoginPage(
      HttpServletRequest request,
      HttpServletResponse response,
      AuthenticationException authException) {

    String loginForm = determineUrlToUseForThisRequest(request, response, authException);

    if (UrlUtils.isAbsoluteUrl(loginForm)) {
      return loginForm;
    }

    int serverPort = portResolver.getServerPort(request);
    String scheme = request.getScheme();

    RedirectUrlBuilder urlBuilder = new RedirectUrlBuilder();

    urlBuilder.setScheme(scheme);
    urlBuilder.setServerName(request.getServerName());
    urlBuilder.setPort(serverPort);
    urlBuilder.setContextPath(request.getContextPath());
    urlBuilder.setPathInfo(loginForm);

    if (forceHttps && "http".equals(scheme)) {
      Integer httpsPort = portMapper.lookupHttpsPort(Integer.valueOf(serverPort));

      if (httpsPort != null) {
        // Overwrite scheme and port in the redirect URL
        urlBuilder.setScheme("https");
        urlBuilder.setPort(httpsPort.intValue());
      } else {
        logger.warn(
            "Unable to redirect to HTTPS as no port mapping found for HTTP port " + serverPort);
      }
    }

    return urlBuilder.getUrl();
  }
 /**
  * The URL which will be used as the failure destination.
  *
  * @param defaultFailureUrl the failure URL, for example "/loginFailed.jsp".
  */
 public void setDefaultFailureUrl(String defaultFailureUrl) {
   Assert.isTrue(
       UrlUtils.isValidRedirectUrl(defaultFailureUrl),
       "'" + defaultFailureUrl + "' is not a valid redirect URL");
   this.defaultFailureUrl = defaultFailureUrl;
 }