Cwikius-Spring/spring-security
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-security.git synced 2025-05-30 16:52:13 +00:00
Code Issues Packages Projects Releases Wiki Activity

SEC-1407: Removed original URL matching classes and updated Javadoc of new RequestMatcher versions.

Browse Source
This commit is contained in:
Luke Taylor 2010-03-03 23:11:49 +00:00
parent 90caf1bb37
commit 43f3568b16
6 changed files with 45 additions and 108 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
web/src/main/java/org/springframework/security/web/authentication/AbstractAuthenticationTargetUrlRequestHandler.java
View File

@ -39,6 +39,7 @@ import org.springframework.util.StringUtils;
* <li>
* As a fallback option, the <tt>defaultTargetUrl</tt> value will be used.
* </li>
* </ul>
*
* @author Luke Taylor
* @since 3.0
@ -56,13 +57,26 @@ public abstract class AbstractAuthenticationTargetUrlRequestHandler {
protected AbstractAuthenticationTargetUrlRequestHandler() {
}
/**
* Invokes the configured {@code RedirectStrategy} with the URL returned by the {@code determineTargetUrl} method.
* <p>
* The redirect will not be performed if the response has already been committed.
*/
protected void handle(HttpServletRequest request, HttpServletResponse response, Authentication authentication)
throws IOException, ServletException {
String targetUrl = determineTargetUrl(request, response);
if (response.isCommitted()) {
logger.debug("Response has already been committed. Unable to redirect to " + targetUrl);
return;
}
redirectStrategy.sendRedirect(request, response, targetUrl);
}
/**
* Builds the target URL according to the logic defined in the main class Javadoc.
*/
protected String determineTargetUrl(HttpServletRequest request, HttpServletResponse response) {
if (isAlwaysUseDefaultTargetUrl()) {
return defaultTargetUrl;
@ -102,7 +116,7 @@ public abstract class AbstractAuthenticationTargetUrlRequestHandler {
*
* @return the defaultTargetUrl property
*/
protected String getDefaultTargetUrl() {
protected final String getDefaultTargetUrl() {
return defaultTargetUrl;
}
@ -137,7 +151,7 @@ public abstract class AbstractAuthenticationTargetUrlRequestHandler {
* The current request will be checked for this parameter before and the value used as the target URL if present.
*
* @param targetUrlParameter the name of the parameter containing the encoded target URL. Defaults
* to "redirect".
* to "spring-security-redirect".
*/
public void setTargetUrlParameter(String targetUrlParameter) {
Assert.hasText("targetUrlParameter canot be null or empty");

3
web/src/main/java/org/springframework/security/web/util/AntPathRequestMatcher.java
View File

@ -11,7 +11,8 @@ import org.springframework.util.StringUtils;
/**
* Matcher which compares a pre-defined ant-style pattern against the URL of an
* {@code HttpServletRequest}. Ignores the query string of the URL.
* {@code HttpServletRequest}. Ignores the query string of the URL and always performs
* case-insensitive matching.
*
* @author Luke Taylor
* @since 3.1

50
web/src/main/java/org/springframework/security/web/util/AntUrlPathMatcher.java
View File

@ -1,50 +0,0 @@
package org.springframework.security.web.util;
import org.springframework.util.PathMatcher;
import org.springframework.util.AntPathMatcher;
/**
* Ant path strategy for URL matching.
*
* @author Luke Taylor
*/
public class AntUrlPathMatcher implements UrlMatcher {
private boolean requiresLowerCaseUrl = true;
private PathMatcher pathMatcher = new AntPathMatcher();
public AntUrlPathMatcher() {
this(true);
}
public AntUrlPathMatcher(boolean requiresLowerCaseUrl) {
this.requiresLowerCaseUrl = requiresLowerCaseUrl;
}
public Object compile(String path) {
if (requiresLowerCaseUrl) {
return path.toLowerCase();
}
return path;
}
public void setRequiresLowerCaseUrl(boolean requiresLowerCaseUrl) {
this.requiresLowerCaseUrl = requiresLowerCaseUrl;
}
public boolean pathMatchesUrl(Object path, String url) {
return pathMatcher.match((String)path, url);
}
public String getUniversalMatchPattern() {
return "/**";
}
public boolean requiresLowerCaseUrl() {
return requiresLowerCaseUrl;
}
public String toString() {
return getClass().getName() + "[requiresLowerCase='" + requiresLowerCaseUrl + "']";
}
}

27
web/src/main/java/org/springframework/security/web/util/RegexRequestMatcher.java
View File

@ -10,6 +10,13 @@ import org.springframework.http.HttpMethod;
import org.springframework.util.StringUtils;
/**
* Uses a regular expression to decide whether a supplied the URL of a supplied {@code HttpServletRequest}.
*
* Can also be configured to match a specific HTTP method.
*
* The match is performed against the {@code servletPath + pathInfo + queryString} of the request and is case-sensitive
* by default. Case-insensitive matching can be used by using the constructor which takes the {@code caseInsentitive}
* argument.
*
* @author Luke Taylor
* @since 3.1
@ -20,10 +27,23 @@ public final class RegexRequestMatcher implements RequestMatcher {
private final Pattern pattern;
private final HttpMethod httpMethod;
/**
* Creates a case-sensitive {@code Pattern} instance to match against the request.
*
* @param pattern the regular expression to compile into a pattern.
* @param httpMethod the HTTP method to match. May be null to match all methods.
*/
public RegexRequestMatcher(String pattern, String httpMethod) {
this(pattern, httpMethod, false);
}
/**
* As above, but allows setting of whether case-insensitive matching should be used.
*
* @param pattern the regular expression to compile into a pattern.
* @param httpMethod the HTTP method to match. May be null to match all methods.
* @param caseInsensitive if true, the pattern will be compiled with the {@link Pattern.CASE_INSENSITIVE} flag set.
*/
public RegexRequestMatcher(String pattern, String httpMethod, boolean caseInsensitive) {
if (caseInsensitive) {
this.pattern = Pattern.compile(pattern, Pattern.CASE_INSENSITIVE);
@ -33,6 +53,13 @@ public final class RegexRequestMatcher implements RequestMatcher {
this.httpMethod = StringUtils.hasText(httpMethod) ? HttpMethod.valueOf(httpMethod) : null;
}
/**
* Performs the match of the request URL ({@code servletPath + pathInfo + queryString}) against
* the compiled pattern.
*
* @param requst the request to match
* @return true if the pattern matches the URL, false otherwise.
*/
public boolean matches(HttpServletRequest request) {
if (httpMethod != null && httpMethod != HttpMethod.valueOf(request.getMethod())) {
return false;

32
web/src/main/java/org/springframework/security/web/util/RegexUrlPathMatcher.java
View File

@ -1,32 +0,0 @@
package org.springframework.security.web.util;
import java.util.regex.Pattern;
/**
* @author Luke Taylor
*/
public class RegexUrlPathMatcher implements UrlMatcher {
private boolean requiresLowerCaseUrl = false;
public Object compile(String path) {
return Pattern.compile(path);
}
public void setRequiresLowerCaseUrl(boolean requiresLowerCaseUrl) {
this.requiresLowerCaseUrl = requiresLowerCaseUrl;
}
public boolean pathMatchesUrl(Object compiledPath, String url) {
Pattern pattern = (Pattern)compiledPath;
return pattern.matcher(url).matches();
}
public String getUniversalMatchPattern() {
return "/.*";
}
public boolean requiresLowerCaseUrl() {
return requiresLowerCaseUrl;
}
}

23
web/src/main/java/org/springframework/security/web/util/UrlMatcher.java
View File

@ -1,23 +0,0 @@
package org.springframework.security.web.util;
/**
* Strategy for deciding whether configured path matches a submitted candidate URL.
*
* @author Luke Taylor
* @since 2.0
*/
public interface UrlMatcher {
Object compile(String urlPattern);
boolean pathMatchesUrl(Object compiledUrlPattern, String url);
/** Returns the path which matches every URL */
String getUniversalMatchPattern();
/**
* Returns true if the matcher expects the URL to be converted to lower case before
* calling {@link #pathMatchesUrl(Object, String)}.
*/
boolean requiresLowerCaseUrl();
}