예제 #1
0
  @Override
  public void sendRedirect(String location) throws IOException {
    if (isIncluding()) return;

    if (location == null) throw new IllegalArgumentException();

    if (!URIUtil.hasScheme(location)) {
      StringBuilder buf = _channel.getRequest().getRootURL();
      if (location.startsWith("/")) buf.append(location);
      else {
        String path = _channel.getRequest().getRequestURI();
        String parent = (path.endsWith("/")) ? path : URIUtil.parentPath(path);
        location = URIUtil.addPaths(parent, location);
        if (location == null) throw new IllegalStateException("path cannot be above root");
        if (!location.startsWith("/")) buf.append('/');
        buf.append(location);
      }

      location = buf.toString();
      HttpURI uri = new HttpURI(location);
      String path = uri.getDecodedPath();
      String canonical = URIUtil.canonicalPath(path);
      if (canonical == null) throw new IllegalArgumentException();
      if (!canonical.equals(path)) {
        buf = _channel.getRequest().getRootURL();
        buf.append(URIUtil.encodePath(canonical));
        String param = uri.getParam();
        if (param != null) {
          buf.append(';');
          buf.append(param);
        }
        String query = uri.getQuery();
        if (query != null) {
          buf.append('?');
          buf.append(query);
        }
        String fragment = uri.getFragment();
        if (fragment != null) {
          buf.append('#');
          buf.append(fragment);
        }
        location = buf.toString();
      }
    }

    resetBuffer();
    setHeader(HttpHeader.LOCATION, location);
    setStatus(HttpServletResponse.SC_MOVED_TEMPORARILY);
    complete();
  }
예제 #2
0
  @Override
  public String encodeURL(String url) {
    final Request request = _channel.getRequest();
    SessionManager sessionManager = request.getSessionManager();
    if (sessionManager == null) return url;

    HttpURI uri = null;
    if (sessionManager.isCheckingRemoteSessionIdEncoding() && URIUtil.hasScheme(url)) {
      uri = new HttpURI(url);
      String path = uri.getPath();
      path = (path == null ? "" : path);
      int port = uri.getPort();
      if (port < 0) port = HttpScheme.HTTPS.asString().equalsIgnoreCase(uri.getScheme()) ? 443 : 80;
      if (!request.getServerName().equalsIgnoreCase(uri.getHost())
          || request.getServerPort() != port
          || !path.startsWith(
              request
                  .getContextPath())) // TODO the root context path is "", with which every non null
                                      // string starts
      return url;
    }

    String sessionURLPrefix = sessionManager.getSessionIdPathParameterNamePrefix();
    if (sessionURLPrefix == null) return url;

    if (url == null) return null;

    // should not encode if cookies in evidence
    if (request.isRequestedSessionIdFromCookie()) {
      int prefix = url.indexOf(sessionURLPrefix);
      if (prefix != -1) {
        int suffix = url.indexOf("?", prefix);
        if (suffix < 0) suffix = url.indexOf("#", prefix);

        if (suffix <= prefix) return url.substring(0, prefix);
        return url.substring(0, prefix) + url.substring(suffix);
      }
      return url;
    }

    // get session;
    HttpSession session = request.getSession(false);

    // no session
    if (session == null) return url;

    // invalid session
    if (!sessionManager.isValid(session)) return url;

    String id = sessionManager.getNodeId(session);

    if (uri == null) uri = new HttpURI(url);

    // Already encoded
    int prefix = url.indexOf(sessionURLPrefix);
    if (prefix != -1) {
      int suffix = url.indexOf("?", prefix);
      if (suffix < 0) suffix = url.indexOf("#", prefix);

      if (suffix <= prefix) return url.substring(0, prefix + sessionURLPrefix.length()) + id;
      return url.substring(0, prefix + sessionURLPrefix.length()) + id + url.substring(suffix);
    }

    // edit the session
    int suffix = url.indexOf('?');
    if (suffix < 0) suffix = url.indexOf('#');
    if (suffix < 0) {
      return url
          + ((HttpScheme.HTTPS.is(uri.getScheme()) || HttpScheme.HTTP.is(uri.getScheme()))
                  && uri.getPath() == null
              ? "/"
              : "")
          + // if no path, insert the root path
          sessionURLPrefix
          + id;
    }

    return url.substring(0, suffix)
        + ((HttpScheme.HTTPS.is(uri.getScheme()) || HttpScheme.HTTP.is(uri.getScheme()))
                && uri.getPath() == null
            ? "/"
            : "")
        + // if no path so insert the root path
        sessionURLPrefix
        + id
        + url.substring(suffix);
  }