Overview  Package   Class  Use  Tree  Deprecated  Index  Help 
 PREV CLASS   NEXT CLASS FRAMES    NO FRAMES    
SUMMARY: NESTED | FIELD | CONSTR | METHOD DETAIL: FIELD | CONSTR | METHOD

com.atlassian.seraph.util
Class RedirectUtils

java.lang.Object
  extended by com.atlassian.seraph.util.RedirectUtils

public class RedirectUtils
extends Object

Utilities for login link redirection.

Constructor Summary
RedirectUtils()
           
 
Method Summary
static String appendPathToContext(String context, String path)
          Appends the path to the context, dealing with any missing slashes properly.
static String getLinkLoginURL(javax.servlet.http.HttpServletRequest request)
          Returns a login URL that would log the user in to access resource indicated by request.
static String getLoginUrl(javax.servlet.http.HttpServletRequest request)
          Returns a login URL that would log the user in to access resource indicated by request.
static String getServerNameAndPath(javax.servlet.http.HttpServletRequest request)
          Reconstruct the context part of a request URL from a HttpServletRequest.
static boolean isBasicAuthentication(javax.servlet.http.HttpServletRequest request, String basicAuthParameterName)
          Check whether the request authentication strategy is using HTTP Basic Authentication
static boolean sameContext(String url, javax.servlet.http.HttpServletRequest request)
          Tests if a given (absolute) URL is in the same context as the incoming HttpServletRequest.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

RedirectUtils

public RedirectUtils()
Method Detail

getLoginUrl

public static String getLoginUrl(javax.servlet.http.HttpServletRequest request)
Returns a login URL that would log the user in to access resource indicated by request.

For instance, if request is for protected path "/browse/JRA-123" and the user must login before accessing this resource, this method might return "/login.jsp?os_destination=%2Fbrowse%2FJRA-123". Presumably the login.jsp page will redirect back to 'os_destination' once logged in.

The returned path is derived from the login.url parameter in seraph-config.xml, which in the example above would be "/login.jsp?os_destination={originalurl}". The '${originalurl}' token is replaced at runtime with a relative or absolute path to the original resource requested by request ('/browse/JRA-123').

Both the returned URL and the ${originalurl} replacement URL may be absolute or root-relative, depending on whether the seraph-config.xml login.url parameter is. This allows for redirection to external SSO apps, which are passed an absolute path to the originally requested resource.

No actual permission checks are performed to determine whether the user needs to log in to access the resource. The caller is assumed to have done this before calling this method.

Parameters:
request - The original request made by the user for a resource.
Returns:
A root-relative or absolute URL of a login link that would log the user in to access the resource.

getLinkLoginURL

public static String getLinkLoginURL(javax.servlet.http.HttpServletRequest request)
Returns a login URL that would log the user in to access resource indicated by request. Identical to getLoginUrl(javax.servlet.http.HttpServletRequest), except uses the 'link.login.url' parameter in seraph-config.xml instead of 'login.url', which allows for different login pages depending on whether invoked from a link ("link.login.url") or from a servlet filter that intercepted a request ("login.url").

See Also:
for parameters, etc

getServerNameAndPath

public static String getServerNameAndPath(javax.servlet.http.HttpServletRequest request)
Reconstruct the context part of a request URL from a HttpServletRequest.

Parameters:
request - the HttpServletRequest.
Returns:
the context part of a request URL from the given HttpServletRequest.

isBasicAuthentication

public static boolean isBasicAuthentication(javax.servlet.http.HttpServletRequest request,
                                            String basicAuthParameterName)
Check whether the request authentication strategy is using HTTP Basic Authentication

Parameters:
request - the current HttpServletRequest
basicAuthParameterName - the name of the request parameter that sets the type of authorisation to apply for the current request

appendPathToContext

public static String appendPathToContext(String context,
                                         String path)
Appends the path to the context, dealing with any missing slashes properly. Does NOT resolve the path using URL resolution rules. Does NOT attempt to normalise the resulting URL.

Parameters:
context - a context path as returned by HttpServletRequest.getContextPath, e.g. "/confluence". If null, it will be treated as the default context ("").
path - a path to be appended to the context, e.g. "/homepage.action". If this is null, the context will be returned if it is non-null, otherwise the empty string will be returned.
Returns:
a URL of the given path within the context, e.g. "/confluence/homepage.action".

sameContext

public static boolean sameContext(String url,
                                  javax.servlet.http.HttpServletRequest request)
Tests if a given (absolute) URL is in the same context as the incoming HttpServletRequest. This is useful for checking if we will allow a redirect to the given URL.

Parameters:
url - The URL.
request - the incoming HttpServletRequest.
Returns:
true if the given URL is in the same context as the incoming HttpServletRequest.
Overview  Package   Class  Use  Tree  Deprecated  Index  Help 
 PREV CLASS   NEXT CLASS FRAMES    NO FRAMES    
SUMMARY: NESTED | FIELD | CONSTR | METHOD DETAIL: FIELD | CONSTR | METHOD
Copyright © 2013 Atlassian. All Rights Reserved.