Add RequestedUrlRedirectInvalidSessionStrategy implemention of InvalidSessionStrategy
Performs a redirect to the original request URL when an invalid requested session is detected. In effect, when a user's session times out, the user is redirected to URL they originally requested instead of some fixed URL.
This commit is contained in:
Craig Andrews
Rob Winch
parent
36dcbe24d0
commit
10a264c144
|
|
@ -0,0 +1,71 @@
|
|||
/*
|
||||
* Copyright 2002-2016 the original author or authors.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* https://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
|
||||
package org.springframework.security.web.session;
|
||||
|
||||
import java.io.IOException;
|
||||
import java.util.Optional;
|
||||
|
||||
import javax.servlet.http.HttpServletRequest;
|
||||
import javax.servlet.http.HttpServletResponse;
|
||||
|
||||
import org.apache.commons.logging.Log;
|
||||
import org.apache.commons.logging.LogFactory;
|
||||
|
||||
import org.springframework.security.web.DefaultRedirectStrategy;
|
||||
import org.springframework.security.web.RedirectStrategy;
|
||||
import org.springframework.web.util.UrlPathHelper;
|
||||
|
||||
/**
|
||||
* Performs a redirect to the original request URL when an invalid requested session is
|
||||
* detected by the {@code SessionManagementFilter}.
|
||||
*
|
||||
* @author Craig Andrews
|
||||
*/
|
||||
public final class RequestedUrlRedirectInvalidSessionStrategy implements InvalidSessionStrategy {
|
||||
|
||||
private final Log logger = LogFactory.getLog(getClass());
|
||||
|
||||
private final RedirectStrategy redirectStrategy = new DefaultRedirectStrategy();
|
||||
|
||||
private boolean createNewSession = true;
|
||||
|
||||
private final UrlPathHelper urlPathHelper = new UrlPathHelper();
|
||||
|
||||
@Override
|
||||
public void onInvalidSessionDetected(HttpServletRequest request, HttpServletResponse response) throws IOException {
|
||||
String destinationUrl = this.urlPathHelper.getOriginatingRequestUri(request)
|
||||
+ Optional.ofNullable(this.urlPathHelper.getOriginatingQueryString(request)).filter((s) -> !s.isEmpty())
|
||||
.map((s) -> "?" + s).orElse("");
|
||||
this.logger.debug("Starting new session (if required) and redirecting to '" + destinationUrl + "'");
|
||||
if (this.createNewSession) {
|
||||
request.getSession();
|
||||
}
|
||||
this.redirectStrategy.sendRedirect(request, response, destinationUrl);
|
||||
}
|
||||
|
||||
/**
|
||||
* Determines whether a new session should be created before redirecting (to avoid
|
||||
* possible looping issues where the same session ID is sent with the redirected
|
||||
* request). Alternatively, ensure that the configured URL does not pass through the
|
||||
* {@code SessionManagementFilter}.
|
||||
* @param createNewSession defaults to {@code true}.
|
||||
*/
|
||||
public void setCreateNewSession(boolean createNewSession) {
|
||||
this.createNewSession = createNewSession;
|
||||
}
|
||||
|
||||
}
|
||||
Loading…
Reference in New Issue