Posted to commits@shiro.apache.org by lh...@apache.org on 2009/07/28 18:08:10 UTC
svn commit: r798589 - in
/incubator/shiro/trunk/web/src/main/java/org/apache/shiro/web:
WebUtils.java filter/authc/AuthenticationFilter.java
Author: lhazlewood
Date: Tue Jul 28 16:08:10 2009
New Revision: 798589
URL: http://svn.apache.org/viewvc?rev=798589&view=rev
Log:
Extracted saved request redirect method to WebUtils (all the other saved request methods were in web utils already - it made sense to keep this consistent)
Modified:
incubator/shiro/trunk/web/src/main/java/org/apache/shiro/web/WebUtils.java
incubator/shiro/trunk/web/src/main/java/org/apache/shiro/web/filter/authc/AuthenticationFilter.java
Modified: incubator/shiro/trunk/web/src/main/java/org/apache/shiro/web/WebUtils.java
URL: http://svn.apache.org/viewvc/incubator/shiro/trunk/web/src/main/java/org/apache/shiro/web/WebUtils.java?rev=798589&r1=798588&r2=798589&view=diff
==============================================================================
--- incubator/shiro/trunk/web/src/main/java/org/apache/shiro/web/WebUtils.java (original)
+++ incubator/shiro/trunk/web/src/main/java/org/apache/shiro/web/WebUtils.java Tue Jul 28 16:08:10 2009
@@ -18,30 +18,30 @@
*/
package org.apache.shiro.web;
+import org.apache.shiro.SecurityUtils;
+import org.apache.shiro.session.Session;
+import org.apache.shiro.subject.Subject;
+import org.apache.shiro.util.StringUtils;
+import org.apache.shiro.util.ThreadContext;
+import org.apache.shiro.web.filter.AccessControlFilter;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import javax.servlet.ServletRequest;
+import javax.servlet.ServletResponse;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.net.InetAddress;
import java.net.URLDecoder;
import java.net.UnknownHostException;
import java.util.Map;
-import javax.servlet.ServletRequest;
-import javax.servlet.ServletResponse;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
-import org.apache.shiro.SecurityUtils;
-import org.apache.shiro.session.Session;
-import org.apache.shiro.subject.Subject;
-import org.apache.shiro.util.StringUtils;
-import org.apache.shiro.util.ThreadContext;
/**
* Simple utility class for operations used across multiple class hierarchies in the web framework code.
- *
- * <p>Some methods in this class were copied from the Spring Framework so we didn't have to re-invent the wheel,
+ * <p/>
+ * Some methods in this class were copied from the Spring Framework so we didn't have to re-invent the wheel,
* and in these cases, we have retained all license, copyright and author information.
*
* @author Les Hazlewood
@@ -320,7 +320,7 @@
* servlet-only environment.
* <p/>
* <b>THIS IS NOT PART OF APACHE SHIRO'S PUBLIC API.</b> It exists for Shiro implementation requirements only.
- *
+ *
* @return the current thread-bound {@code ServletRequest} or {@code null} if there is not one bound.
* @since 1.0
*/
@@ -355,11 +355,11 @@
/**
* Convenience method that simplifies binding a ServletRequest to the current thread (via the ThreadContext).
- *
+ * <p/>
* <p>The method's existence is to help reduce casting in your own code and to simplify remembering of
* ThreadContext key names. The implementation is simple in that, if the servletRequest is not <tt>null</tt>,
* it binds it to the thread, i.e.:
- *
+ * <p/>
* <pre>
* if (servletRequest != null) {
* ThreadContext.put( SERVLET_REQUEST_KEY, servletRequest );
@@ -441,11 +441,11 @@
/**
* Convenience method that simplifies binding a ServletResponse to the thread via the ThreadContext.
- *
+ * <p/>
* <p>The method's existence is to help reduce casting in your own code and to simplify remembering of
* ThreadContext key names. The implementation is simple in that, if the servletResponse is not <tt>null</tt>,
* it binds it to the thread, i.e.:
- *
+ * <p/>
* <pre>
* if (servletResponse != null) {
* ThreadContext.put( SERVLET_RESPONSE_KEY, servletResponse );
@@ -538,7 +538,7 @@
/**
* <p>Checks to see if a request param is considered true using a loose matching strategy for
* general values that indicate that something is true or enabled, etc.</p>
- *
+ * <p/>
* <p>Values that are considered "true" include (case-insensitive): true, t, 1, enabled, y, yes, on.</p>
*
* @param request the servlet request
@@ -597,5 +597,46 @@
return savedRequest;
}
+ /**
+ * Redirects the to the request url from a previously
+ * {@link #saveRequest(javax.servlet.ServletRequest) saved} request, or if there is no saved request, redirects the
+ * end user to the specified {@code fallbackUrl}. If there is no saved request or fallback url, this method
+ * throws an {@link IllegalStateException}.
+ * <p/>
+ * This method is primarily used to support a common login scenario - if an unauthenticated user accesses a
+ * page that requires authentication, it is expected that request is
+ * {@link #saveRequest(javax.servlet.ServletRequest) saved} first and then redirected to the login page. Then,
+ * after a successful login, this method can be called to redirect them back to their originally requested URL, a
+ * nice usability feature.
+ *
+ * @param request the incoming request
+ * @param response the outgoing response
+ * @param fallbackUrl the fallback url to redirect to if there is no saved request available.
+ * @throws IllegalStateException if there is no saved request and the {@code fallbackUrl} is {@code null}.
+ * @throws IOException if there is an error redirecting
+ * @since 1.0
+ */
+ public static void redirectToSavedRequest(ServletRequest request, ServletResponse response, String fallbackUrl)
+ throws IOException {
+ String successUrl = null;
+ boolean contextRelative = true;
+ SavedRequest savedRequest = WebUtils.getAndClearSavedRequest(request);
+ if (savedRequest != null && savedRequest.getMethod().equalsIgnoreCase(AccessControlFilter.GET_METHOD)) {
+ successUrl = savedRequest.getRequestUrl();
+ contextRelative = false;
+ }
+
+ if (successUrl == null) {
+ successUrl = fallbackUrl;
+ }
+
+ if (successUrl == null) {
+ throw new IllegalStateException("Success URL not available via saved request or via the " +
+ "successUrlFallback method parameter. One of these must be non-null for " +
+ "issueSuccessRedirect() to work.");
+ }
+
+ WebUtils.issueRedirect(request, response, successUrl, null, contextRelative);
+ }
}
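Review bot: The `IllegalStateException` message in the new `redirectToSavedRequest` was carried over from the filter and still names a `successUrlFallback` parameter and `issueSuccessRedirect()`, neither of which exists here; it should read along the lines of `"Redirect URL not available via saved request or via the fallbackUrl method parameter. One of these must be non-null for redirectToSavedRequest() to work."`. The saved-request branch also sets `contextRelative = false` and redirects to whatever `savedRequest.getRequestUrl()` returns. How that value is built is outside this hunk, so the Javadoc should state that it is expected to be a path within this application, and a check for that before `issueRedirect` is worth considering. Referencing `AccessControlFilter.GET_METHOD` makes `WebUtils` depend on the filter package, which already depends on `WebUtils`; a local constant would avoid the cycle. The Javadoc summary also has a stray word in "Redirects the to the request url".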
Modified: incubator/shiro/trunk/web/src/main/java/org/apache/shiro/web/filter/authc/AuthenticationFilter.java
URL: http://svn.apache.org/viewvc/incubator/shiro/trunk/web/src/main/java/org/apache/shiro/web/filter/authc/AuthenticationFilter.java?rev=798589&r1=798588&r2=798589&view=diff
==============================================================================
--- incubator/shiro/trunk/web/src/main/java/org/apache/shiro/web/filter/authc/AuthenticationFilter.java (original)
+++ incubator/shiro/trunk/web/src/main/java/org/apache/shiro/web/filter/authc/AuthenticationFilter.java Tue Jul 28 16:08:10 2009
@@ -18,18 +18,17 @@
*/
package org.apache.shiro.web.filter.authc;
-import javax.servlet.ServletRequest;
-import javax.servlet.ServletResponse;
-
import org.apache.shiro.subject.Subject;
-import org.apache.shiro.web.SavedRequest;
import org.apache.shiro.web.WebUtils;
import org.apache.shiro.web.filter.AccessControlFilter;
+import javax.servlet.ServletRequest;
+import javax.servlet.ServletResponse;
+
/**
- * <p>Base class for all Filters that require the current user to be authenticated. This class encapsulates the
- * logic of checking whether a user is already authenticated in the system. If the user is not authenticated, we use
- * the template method pattern to delegate the processing of an unauthenticated request to sub classes.</p>
+ * Base class for all Filters that require the current user to be authenticated. This class encapsulates the
+ * logic of checking whether a user is already authenticated in the system while subclasses are required to perform
+ * specific logic for unauthenticated requests.
*
* @author Allan Ditzel
* @author Jeremy Haile
@@ -40,18 +39,29 @@
//TODO - complete JavaDoc
- public static final String DEFAULT_SUCCESS_URL = "/index.jsp";
+ public static final String DEFAULT_SUCCESS_URL = "/";
private String successUrl = DEFAULT_SUCCESS_URL;
+ /**
+ * Returns the success url to use as the default location a user is sent after logging in. Typically a redirect
+ * after login will redirect to the originally request URL; this property is provided mainly as a fallback in case
+ * the original request URL is not available or not specified.
+ * <p/>
+ * The default value is {@link #DEFAULT_SUCCESS_URL}.
+ *
+ * @return the success url to use as the default location a user is sent after logging in.
+ */
protected String getSuccessUrl() {
return successUrl;
}
/**
- * Sets the success URL that is the default location a user is sent to after logging in when
- * {@link #issueSuccessRedirect(javax.servlet.ServletRequest, javax.servlet.ServletResponse)}
- * is called by subclasses of this filter.
+ * Sets the default/fallback success url to use as the default location a user is sent after logging in. Typically
+ * a redirect after login will redirect to the originally request URL; this property is provided mainly as a
+ * fallback in case the original request URL is not available or not specified.
+ * <p/>
+ * The default value is {@link #DEFAULT_SUCCESS_URL}.
*
* @param successUrl the success URL to redirect the user to after a successful login.
*/
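Review bot: `DEFAULT_SUCCESS_URL` changes from `/index.jsp` to `/`, which alters where users land after login when no saved request is available, yet the commit log describes only a method extraction. The constant has no Javadoc; I would add `/** Fallback location after a successful login when no saved request is available; passed to WebUtils.redirectToSavedRequest, which redirects it context-relative. */` above it so the behaviour is recorded. Both new Javadoc blocks say "originally request URL", which should be "originally requested URL". The setter's signature and body lie outside this hunk.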
@@ -74,26 +84,17 @@
return subject.isAuthenticated();
}
+ /**
+ * Redirects to user to the previously attempted URL after a successful login. This implementation simply calls
+ * <code>{@link WebUtils WebUtils}.{@link WebUtils#redirectToSavedRequest(javax.servlet.ServletRequest, javax.servlet.ServletResponse, String) redirectToSavedRequest}</code>
+ * using the {@link #getSuccessUrl() successUrl} as the {@code fallbackUrl} argument to that call.
+ *
+ * @param request the incoming request
+ * @param response the outgoing response
+ * @throws Exception if there is a problem redirecting.
+ */
protected void issueSuccessRedirect(ServletRequest request, ServletResponse response) throws Exception {
-
- String successUrl = null;
- boolean contextRelative = true;
- SavedRequest savedRequest = WebUtils.getAndClearSavedRequest(request);
- if (savedRequest != null && savedRequest.getMethod().equalsIgnoreCase(GET_METHOD)) {
- successUrl = savedRequest.getRequestUrl();
- contextRelative = false;
- }
-
- if (successUrl == null) {
- successUrl = getSuccessUrl();
- }
-
- if (successUrl == null) {
- throw new IllegalStateException("Success URL not available via saved request or by calling " +
- "getSuccessUrl(). One of these must be non-null for issueSuccessRedirect() to work.");
- }
-
- WebUtils.issueRedirect(request, response, successUrl, null, contextRelative);
+ WebUtils.redirectToSavedRequest(request, response, getSuccessUrl());
}
}
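Review bot: The new Javadoc on `issueSuccessRedirect` omits two things subclasses need to know, both of which follow from `WebUtils.redirectToSavedRequest`. Only a saved request made with GET is replayed, so any other method falls through to `getSuccessUrl()`. An `IllegalStateException` is raised when neither a saved request nor a success URL is available. I would add `@throws IllegalStateException if there is no saved GET request and {@link #getSuccessUrl()} returns {@code null}` and one sentence on the GET-only behaviour. The opening "Redirects to user" should read "Redirects the user".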