SEC-443: Provide useRelativeContext property.

2007-05-25 02:55:25 +00:00 · 2007-05-25 02:55:25 +00:00 · 24b31c0c57
parent c8d5374602
commit 24b31c0c57
1 changed files with 26 additions and 2 deletions
--- a/core/src/main/java/org/acegisecurity/ui/AbstractProcessingFilter.java
+++ b/core/src/main/java/org/acegisecurity/ui/AbstractProcessingFilter.java
@ -153,6 +153,11 @@ public abstract class AbstractProcessingFilter implements Filter, InitializingBe
     * to be updated before the browser redirect will be sent. Defaults to an 8 Kb buffer.
     */
    private int bufferSize = 8 * 1024;
+    
+    /**
+     * If true, causes any redirection URLs to be calculated minus the protocol and context path (defaults to false).
+     */
+    private boolean useRelativeContext = false;

    //~ Methods ========================================================================================================

@ -326,13 +331,28 @@ public abstract class AbstractProcessingFilter implements Filter, InitializingBe

    protected void sendRedirect(HttpServletRequest request, HttpServletResponse response, String url)
        throws IOException {
+        String finalUrl;
        if (!url.startsWith("http://") && !url.startsWith("https://")) {
-            url = request.getContextPath() + url;
+            if (useRelativeContext) {
+                finalUrl = url;
+            } else {
+                finalUrl = request.getContextPath() + url;
+            }
+        } else if (useRelativeContext) {
+            // Calculate the relative URL from the fully qualifed URL, minus the protocol and base context.
+            int len = request.getContextPath().length();
+            int index = url.indexOf(request.getContextPath()) + len;
+            finalUrl = url.substring(index);
+            if (finalUrl.length() > 1 && finalUrl.charAt(0) == '/') {
+                finalUrl = finalUrl.substring( 1 );
+            }
+        } else {
+            finalUrl = url;
        }

        Assert.isTrue(!response.isCommitted(), "Response already committed; the authentication mechanism must be able to modify buffer size");
        response.setBufferSize(bufferSize);
-        response.sendRedirect(response.encodeRedirectURL(url));
+        response.sendRedirect(response.encodeRedirectURL(finalUrl));
    }

    public void setAlwaysUseDefaultTargetUrl(boolean alwaysUseDefaultTargetUrl) {
@ -456,4 +476,8 @@ public abstract class AbstractProcessingFilter implements Filter, InitializingBe
 	public void setBufferSize(int bufferSize) {
 		this.bufferSize = bufferSize;
 	}
+
+	public void setUseRelativeContext(boolean useRelativeContext) {
+		this.useRelativeContext = useRelativeContext;
+	}
 }