Google Git
Sign in
apache / shiro-site / 01016f43374d9b054f3ea1e568b015d5d69428f9 / . / src / site / assets / static / 1.6.0 / apidocs / src-html / org / apache / shiro / web / util / WebUtils.html
blob: 7d0d931bddee4248549a3177788344edcb9011e5 [file] [log] [blame]
<!DOCTYPE HTML>
<html lang="en">
<head>
<title>Source code</title>
<link rel="stylesheet" type="text/css" href="../../../../../../stylesheet.css" title="Style">
</head>
<body>
<main role="main">
<div class="sourceContainer">
<pre><span class="sourceLineNo">001</span><a id="line.1">/*</a>
<span class="sourceLineNo">002</span><a id="line.2"> * Licensed to the Apache Software Foundation (ASF) under one</a>
<span class="sourceLineNo">003</span><a id="line.3"> * or more contributor license agreements. See the NOTICE file</a>
<span class="sourceLineNo">004</span><a id="line.4"> * distributed with this work for additional information</a>
<span class="sourceLineNo">005</span><a id="line.5"> * regarding copyright ownership. The ASF licenses this file</a>
<span class="sourceLineNo">006</span><a id="line.6"> * to you under the Apache License, Version 2.0 (the</a>
<span class="sourceLineNo">007</span><a id="line.7"> * "License"); you may not use this file except in compliance</a>
<span class="sourceLineNo">008</span><a id="line.8"> * with the License. You may obtain a copy of the License at</a>
<span class="sourceLineNo">009</span><a id="line.9"> *</a>
<span class="sourceLineNo">010</span><a id="line.10"> * http://www.apache.org/licenses/LICENSE-2.0</a>
<span class="sourceLineNo">011</span><a id="line.11"> *</a>
<span class="sourceLineNo">012</span><a id="line.12"> * Unless required by applicable law or agreed to in writing,</a>
<span class="sourceLineNo">013</span><a id="line.13"> * software distributed under the License is distributed on an</a>
<span class="sourceLineNo">014</span><a id="line.14"> * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY</a>
<span class="sourceLineNo">015</span><a id="line.15"> * KIND, either express or implied. See the License for the</a>
<span class="sourceLineNo">016</span><a id="line.16"> * specific language governing permissions and limitations</a>
<span class="sourceLineNo">017</span><a id="line.17"> * under the License.</a>
<span class="sourceLineNo">018</span><a id="line.18"> */</a>
<span class="sourceLineNo">019</span><a id="line.19">package org.apache.shiro.web.util;</a>
<span class="sourceLineNo">020</span><a id="line.20"></a>
<span class="sourceLineNo">021</span><a id="line.21">import org.apache.shiro.SecurityUtils;</a>
<span class="sourceLineNo">022</span><a id="line.22">import org.apache.shiro.session.Session;</a>
<span class="sourceLineNo">023</span><a id="line.23">import org.apache.shiro.subject.Subject;</a>
<span class="sourceLineNo">024</span><a id="line.24">import org.apache.shiro.subject.support.DefaultSubjectContext;</a>
<span class="sourceLineNo">025</span><a id="line.25">import org.apache.shiro.util.StringUtils;</a>
<span class="sourceLineNo">026</span><a id="line.26">import org.apache.shiro.web.env.EnvironmentLoader;</a>
<span class="sourceLineNo">027</span><a id="line.27">import org.apache.shiro.web.env.WebEnvironment;</a>
<span class="sourceLineNo">028</span><a id="line.28">import org.apache.shiro.web.filter.AccessControlFilter;</a>
<span class="sourceLineNo">029</span><a id="line.29">import org.owasp.encoder.Encode;</a>
<span class="sourceLineNo">030</span><a id="line.30">import org.slf4j.Logger;</a>
<span class="sourceLineNo">031</span><a id="line.31">import org.slf4j.LoggerFactory;</a>
<span class="sourceLineNo">032</span><a id="line.32"></a>
<span class="sourceLineNo">033</span><a id="line.33">import javax.servlet.ServletContext;</a>
<span class="sourceLineNo">034</span><a id="line.34">import javax.servlet.ServletRequest;</a>
<span class="sourceLineNo">035</span><a id="line.35">import javax.servlet.ServletResponse;</a>
<span class="sourceLineNo">036</span><a id="line.36">import javax.servlet.http.HttpServletRequest;</a>
<span class="sourceLineNo">037</span><a id="line.37">import javax.servlet.http.HttpServletResponse;</a>
<span class="sourceLineNo">038</span><a id="line.38">import java.io.IOException;</a>
<span class="sourceLineNo">039</span><a id="line.39">import java.io.UnsupportedEncodingException;</a>
<span class="sourceLineNo">040</span><a id="line.40">import java.net.URLDecoder;</a>
<span class="sourceLineNo">041</span><a id="line.41">import java.util.Map;</a>
<span class="sourceLineNo">042</span><a id="line.42"></a>
<span class="sourceLineNo">043</span><a id="line.43">/**</a>
<span class="sourceLineNo">044</span><a id="line.44"> * Simple utility class for operations used across multiple class hierarchies in the web framework code.</a>
<span class="sourceLineNo">045</span><a id="line.45"> * &lt;p/&gt;</a>
<span class="sourceLineNo">046</span><a id="line.46"> * Some methods in this class were copied from the Spring Framework so we didn't have to re-invent the wheel,</a>
<span class="sourceLineNo">047</span><a id="line.47"> * and in these cases, we have retained all license, copyright and author information.</a>
<span class="sourceLineNo">048</span><a id="line.48"> *</a>
<span class="sourceLineNo">049</span><a id="line.49"> * @since 0.9</a>
<span class="sourceLineNo">050</span><a id="line.50"> */</a>
<span class="sourceLineNo">051</span><a id="line.51">public class WebUtils {</a>
<span class="sourceLineNo">052</span><a id="line.52"></a>
<span class="sourceLineNo">053</span><a id="line.53"> //TODO - complete JavaDoc</a>
<span class="sourceLineNo">054</span><a id="line.54"></a>
<span class="sourceLineNo">055</span><a id="line.55"> private static final Logger log = LoggerFactory.getLogger(WebUtils.class);</a>
<span class="sourceLineNo">056</span><a id="line.56"></a>
<span class="sourceLineNo">057</span><a id="line.57"> public static final String SERVLET_REQUEST_KEY = ServletRequest.class.getName() + "_SHIRO_THREAD_CONTEXT_KEY";</a>
<span class="sourceLineNo">058</span><a id="line.58"> public static final String SERVLET_RESPONSE_KEY = ServletResponse.class.getName() + "_SHIRO_THREAD_CONTEXT_KEY";</a>
<span class="sourceLineNo">059</span><a id="line.59"></a>
<span class="sourceLineNo">060</span><a id="line.60"> /**</a>
<span class="sourceLineNo">061</span><a id="line.61"> * {@link org.apache.shiro.session.Session Session} key used to save a request and later restore it, for example when redirecting to a</a>
<span class="sourceLineNo">062</span><a id="line.62"> * requested page after login, equal to {@code shiroSavedRequest}.</a>
<span class="sourceLineNo">063</span><a id="line.63"> */</a>
<span class="sourceLineNo">064</span><a id="line.64"> public static final String SAVED_REQUEST_KEY = "shiroSavedRequest";</a>
<span class="sourceLineNo">065</span><a id="line.65"></a>
<span class="sourceLineNo">066</span><a id="line.66"> /**</a>
<span class="sourceLineNo">067</span><a id="line.67"> * Standard Servlet 2.3+ spec request attributes for include URI and paths.</a>
<span class="sourceLineNo">068</span><a id="line.68"> * &lt;p&gt;If included via a RequestDispatcher, the current resource will see the</a>
<span class="sourceLineNo">069</span><a id="line.69"> * originating request. Its own URI and paths are exposed as request attributes.</a>
<span class="sourceLineNo">070</span><a id="line.70"> */</a>
<span class="sourceLineNo">071</span><a id="line.71"> public static final String INCLUDE_REQUEST_URI_ATTRIBUTE = "javax.servlet.include.request_uri";</a>
<span class="sourceLineNo">072</span><a id="line.72"> public static final String INCLUDE_CONTEXT_PATH_ATTRIBUTE = "javax.servlet.include.context_path";</a>
<span class="sourceLineNo">073</span><a id="line.73"> public static final String INCLUDE_SERVLET_PATH_ATTRIBUTE = "javax.servlet.include.servlet_path";</a>
<span class="sourceLineNo">074</span><a id="line.74"> public static final String INCLUDE_PATH_INFO_ATTRIBUTE = "javax.servlet.include.path_info";</a>
<span class="sourceLineNo">075</span><a id="line.75"> public static final String INCLUDE_QUERY_STRING_ATTRIBUTE = "javax.servlet.include.query_string";</a>
<span class="sourceLineNo">076</span><a id="line.76"></a>
<span class="sourceLineNo">077</span><a id="line.77"> /**</a>
<span class="sourceLineNo">078</span><a id="line.78"> * Standard Servlet 2.4+ spec request attributes for forward URI and paths.</a>
<span class="sourceLineNo">079</span><a id="line.79"> * &lt;p&gt;If forwarded to via a RequestDispatcher, the current resource will see its</a>
<span class="sourceLineNo">080</span><a id="line.80"> * own URI and paths. The originating URI and paths are exposed as request attributes.</a>
<span class="sourceLineNo">081</span><a id="line.81"> */</a>
<span class="sourceLineNo">082</span><a id="line.82"> public static final String FORWARD_REQUEST_URI_ATTRIBUTE = "javax.servlet.forward.request_uri";</a>
<span class="sourceLineNo">083</span><a id="line.83"> public static final String FORWARD_CONTEXT_PATH_ATTRIBUTE = "javax.servlet.forward.context_path";</a>
<span class="sourceLineNo">084</span><a id="line.84"> public static final String FORWARD_SERVLET_PATH_ATTRIBUTE = "javax.servlet.forward.servlet_path";</a>
<span class="sourceLineNo">085</span><a id="line.85"> public static final String FORWARD_PATH_INFO_ATTRIBUTE = "javax.servlet.forward.path_info";</a>
<span class="sourceLineNo">086</span><a id="line.86"> public static final String FORWARD_QUERY_STRING_ATTRIBUTE = "javax.servlet.forward.query_string";</a>
<span class="sourceLineNo">087</span><a id="line.87"></a>
<span class="sourceLineNo">088</span><a id="line.88"> /**</a>
<span class="sourceLineNo">089</span><a id="line.89"> * Default character encoding to use when &lt;code&gt;request.getCharacterEncoding&lt;/code&gt;</a>
<span class="sourceLineNo">090</span><a id="line.90"> * returns &lt;code&gt;null&lt;/code&gt;, according to the Servlet spec.</a>
<span class="sourceLineNo">091</span><a id="line.91"> *</a>
<span class="sourceLineNo">092</span><a id="line.92"> * @see javax.servlet.ServletRequest#getCharacterEncoding</a>
<span class="sourceLineNo">093</span><a id="line.93"> */</a>
<span class="sourceLineNo">094</span><a id="line.94"> public static final String DEFAULT_CHARACTER_ENCODING = "ISO-8859-1";</a>
<span class="sourceLineNo">095</span><a id="line.95"></a>
<span class="sourceLineNo">096</span><a id="line.96"> /**</a>
<span class="sourceLineNo">097</span><a id="line.97"> * Return the path within the web application for the given request.</a>
<span class="sourceLineNo">098</span><a id="line.98"> * Detects include request URL if called within a RequestDispatcher include.</a>
<span class="sourceLineNo">099</span><a id="line.99"> * &lt;p/&gt;</a>
<span class="sourceLineNo">100</span><a id="line.100"> * For example, for a request to URL</a>
<span class="sourceLineNo">101</span><a id="line.101"> * &lt;p/&gt;</a>
<span class="sourceLineNo">102</span><a id="line.102"> * &lt;code&gt;http://www.somehost.com/myapp/my/url.jsp&lt;/code&gt;,</a>
<span class="sourceLineNo">103</span><a id="line.103"> * &lt;p/&gt;</a>
<span class="sourceLineNo">104</span><a id="line.104"> * for an application deployed to &lt;code&gt;/mayapp&lt;/code&gt; (the application's context path), this method would return</a>
<span class="sourceLineNo">105</span><a id="line.105"> * &lt;p/&gt;</a>
<span class="sourceLineNo">106</span><a id="line.106"> * &lt;code&gt;/my/url.jsp&lt;/code&gt;.</a>
<span class="sourceLineNo">107</span><a id="line.107"> *</a>
<span class="sourceLineNo">108</span><a id="line.108"> * @param request current HTTP request</a>
<span class="sourceLineNo">109</span><a id="line.109"> * @return the path within the web application</a>
<span class="sourceLineNo">110</span><a id="line.110"> */</a>
<span class="sourceLineNo">111</span><a id="line.111"> public static String getPathWithinApplication(HttpServletRequest request) {</a>
<span class="sourceLineNo">112</span><a id="line.112"> return normalize(removeSemicolon(getServletPath(request) + getPathInfo(request)));</a>
<span class="sourceLineNo">113</span><a id="line.113"> }</a>
<span class="sourceLineNo">114</span><a id="line.114"></a>
<span class="sourceLineNo">115</span><a id="line.115"> /**</a>
<span class="sourceLineNo">116</span><a id="line.116"> * Return the request URI for the given request, detecting an include request</a>
<span class="sourceLineNo">117</span><a id="line.117"> * URL if called within a RequestDispatcher include.</a>
<span class="sourceLineNo">118</span><a id="line.118"> * &lt;p&gt;As the value returned by &lt;code&gt;request.getRequestURI()&lt;/code&gt; is &lt;i&gt;not&lt;/i&gt;</a>
<span class="sourceLineNo">119</span><a id="line.119"> * decoded by the servlet container, this method will decode it.</a>
<span class="sourceLineNo">120</span><a id="line.120"> * &lt;p&gt;The URI that the web container resolves &lt;i&gt;should&lt;/i&gt; be correct, but some</a>
<span class="sourceLineNo">121</span><a id="line.121"> * containers like JBoss/Jetty incorrectly include ";" strings like ";jsessionid"</a>
<span class="sourceLineNo">122</span><a id="line.122"> * in the URI. This method cuts off such incorrect appendices.</a>
<span class="sourceLineNo">123</span><a id="line.123"> *</a>
<span class="sourceLineNo">124</span><a id="line.124"> * @param request current HTTP request</a>
<span class="sourceLineNo">125</span><a id="line.125"> * @return the request URI</a>
<span class="sourceLineNo">126</span><a id="line.126"> * @deprecated use getPathWithinApplication() to get the path minus the context path, or call HttpServletRequest.getRequestURI() directly from your code.</a>
<span class="sourceLineNo">127</span><a id="line.127"> */</a>
<span class="sourceLineNo">128</span><a id="line.128"> @Deprecated</a>
<span class="sourceLineNo">129</span><a id="line.129"> public static String getRequestUri(HttpServletRequest request) {</a>
<span class="sourceLineNo">130</span><a id="line.130"> String uri = (String) request.getAttribute(INCLUDE_REQUEST_URI_ATTRIBUTE);</a>
<span class="sourceLineNo">131</span><a id="line.131"> if (uri == null) {</a>
<span class="sourceLineNo">132</span><a id="line.132"> uri = request.getRequestURI();</a>
<span class="sourceLineNo">133</span><a id="line.133"> }</a>
<span class="sourceLineNo">134</span><a id="line.134"> return normalize(decodeAndCleanUriString(request, uri));</a>
<span class="sourceLineNo">135</span><a id="line.135"> }</a>
<span class="sourceLineNo">136</span><a id="line.136"></a>
<span class="sourceLineNo">137</span><a id="line.137"> private static String getServletPath(HttpServletRequest request) {</a>
<span class="sourceLineNo">138</span><a id="line.138"> String servletPath = (String) request.getAttribute(INCLUDE_SERVLET_PATH_ATTRIBUTE);</a>
<span class="sourceLineNo">139</span><a id="line.139"> return servletPath != null ? servletPath : valueOrEmpty(request.getServletPath());</a>
<span class="sourceLineNo">140</span><a id="line.140"> }</a>
<span class="sourceLineNo">141</span><a id="line.141"></a>
<span class="sourceLineNo">142</span><a id="line.142"> private static String getPathInfo(HttpServletRequest request) {</a>
<span class="sourceLineNo">143</span><a id="line.143"> String pathInfo = (String) request.getAttribute(INCLUDE_PATH_INFO_ATTRIBUTE);</a>
<span class="sourceLineNo">144</span><a id="line.144"> return pathInfo != null ? pathInfo : valueOrEmpty(request.getPathInfo());</a>
<span class="sourceLineNo">145</span><a id="line.145"> }</a>
<span class="sourceLineNo">146</span><a id="line.146"></a>
<span class="sourceLineNo">147</span><a id="line.147"> private static String valueOrEmpty(String input) {</a>
<span class="sourceLineNo">148</span><a id="line.148"> if (input == null) {</a>
<span class="sourceLineNo">149</span><a id="line.149"> return "";</a>
<span class="sourceLineNo">150</span><a id="line.150"> }</a>
<span class="sourceLineNo">151</span><a id="line.151"> return input;</a>
<span class="sourceLineNo">152</span><a id="line.152"> }</a>
<span class="sourceLineNo">153</span><a id="line.153"></a>
<span class="sourceLineNo">154</span><a id="line.154"> /**</a>
<span class="sourceLineNo">155</span><a id="line.155"> * Normalize a relative URI path that may have relative values ("/./",</a>
<span class="sourceLineNo">156</span><a id="line.156"> * "/../", and so on ) it it. &lt;strong&gt;WARNING&lt;/strong&gt; - This method is</a>
<span class="sourceLineNo">157</span><a id="line.157"> * useful only for normalizing application-generated paths. It does not</a>
<span class="sourceLineNo">158</span><a id="line.158"> * try to perform security checks for malicious input.</a>
<span class="sourceLineNo">159</span><a id="line.159"> * Normalize operations were was happily taken from org.apache.catalina.util.RequestUtil in</a>
<span class="sourceLineNo">160</span><a id="line.160"> * Tomcat trunk, r939305</a>
<span class="sourceLineNo">161</span><a id="line.161"> *</a>
<span class="sourceLineNo">162</span><a id="line.162"> * @param path Relative path to be normalized</a>
<span class="sourceLineNo">163</span><a id="line.163"> * @return normalized path</a>
<span class="sourceLineNo">164</span><a id="line.164"> */</a>
<span class="sourceLineNo">165</span><a id="line.165"> public static String normalize(String path) {</a>
<span class="sourceLineNo">166</span><a id="line.166"> return normalize(path, true);</a>
<span class="sourceLineNo">167</span><a id="line.167"> }</a>
<span class="sourceLineNo">168</span><a id="line.168"></a>
<span class="sourceLineNo">169</span><a id="line.169"> /**</a>
<span class="sourceLineNo">170</span><a id="line.170"> * Normalize a relative URI path that may have relative values ("/./",</a>
<span class="sourceLineNo">171</span><a id="line.171"> * "/../", and so on ) it it. &lt;strong&gt;WARNING&lt;/strong&gt; - This method is</a>
<span class="sourceLineNo">172</span><a id="line.172"> * useful only for normalizing application-generated paths. It does not</a>
<span class="sourceLineNo">173</span><a id="line.173"> * try to perform security checks for malicious input.</a>
<span class="sourceLineNo">174</span><a id="line.174"> * Normalize operations were was happily taken from org.apache.catalina.util.RequestUtil in</a>
<span class="sourceLineNo">175</span><a id="line.175"> * Tomcat trunk, r939305</a>
<span class="sourceLineNo">176</span><a id="line.176"> *</a>
<span class="sourceLineNo">177</span><a id="line.177"> * @param path Relative path to be normalized</a>
<span class="sourceLineNo">178</span><a id="line.178"> * @param replaceBackSlash Should '\\' be replaced with '/'</a>
<span class="sourceLineNo">179</span><a id="line.179"> * @return normalized path</a>
<span class="sourceLineNo">180</span><a id="line.180"> */</a>
<span class="sourceLineNo">181</span><a id="line.181"> private static String normalize(String path, boolean replaceBackSlash) {</a>
<span class="sourceLineNo">182</span><a id="line.182"></a>
<span class="sourceLineNo">183</span><a id="line.183"> if (path == null)</a>
<span class="sourceLineNo">184</span><a id="line.184"> return null;</a>
<span class="sourceLineNo">185</span><a id="line.185"></a>
<span class="sourceLineNo">186</span><a id="line.186"> // Create a place for the normalized path</a>
<span class="sourceLineNo">187</span><a id="line.187"> String normalized = path;</a>
<span class="sourceLineNo">188</span><a id="line.188"></a>
<span class="sourceLineNo">189</span><a id="line.189"> if (replaceBackSlash &amp;&amp; normalized.indexOf('\\') &gt;= 0)</a>
<span class="sourceLineNo">190</span><a id="line.190"> normalized = normalized.replace('\\', '/');</a>
<span class="sourceLineNo">191</span><a id="line.191"></a>
<span class="sourceLineNo">192</span><a id="line.192"> if (normalized.equals("/."))</a>
<span class="sourceLineNo">193</span><a id="line.193"> return "/";</a>
<span class="sourceLineNo">194</span><a id="line.194"></a>
<span class="sourceLineNo">195</span><a id="line.195"> // Add a leading "/" if necessary</a>
<span class="sourceLineNo">196</span><a id="line.196"> if (!normalized.startsWith("/"))</a>
<span class="sourceLineNo">197</span><a id="line.197"> normalized = "/" + normalized;</a>
<span class="sourceLineNo">198</span><a id="line.198"></a>
<span class="sourceLineNo">199</span><a id="line.199"> // Resolve occurrences of "//" in the normalized path</a>
<span class="sourceLineNo">200</span><a id="line.200"> while (true) {</a>
<span class="sourceLineNo">201</span><a id="line.201"> int index = normalized.indexOf("//");</a>
<span class="sourceLineNo">202</span><a id="line.202"> if (index &lt; 0)</a>
<span class="sourceLineNo">203</span><a id="line.203"> break;</a>
<span class="sourceLineNo">204</span><a id="line.204"> normalized = normalized.substring(0, index) +</a>
<span class="sourceLineNo">205</span><a id="line.205"> normalized.substring(index + 1);</a>
<span class="sourceLineNo">206</span><a id="line.206"> }</a>
<span class="sourceLineNo">207</span><a id="line.207"></a>
<span class="sourceLineNo">208</span><a id="line.208"> // Resolve occurrences of "/./" in the normalized path</a>
<span class="sourceLineNo">209</span><a id="line.209"> while (true) {</a>
<span class="sourceLineNo">210</span><a id="line.210"> int index = normalized.indexOf("/./");</a>
<span class="sourceLineNo">211</span><a id="line.211"> if (index &lt; 0)</a>
<span class="sourceLineNo">212</span><a id="line.212"> break;</a>
<span class="sourceLineNo">213</span><a id="line.213"> normalized = normalized.substring(0, index) +</a>
<span class="sourceLineNo">214</span><a id="line.214"> normalized.substring(index + 2);</a>
<span class="sourceLineNo">215</span><a id="line.215"> }</a>
<span class="sourceLineNo">216</span><a id="line.216"></a>
<span class="sourceLineNo">217</span><a id="line.217"> // Resolve occurrences of "/../" in the normalized path</a>
<span class="sourceLineNo">218</span><a id="line.218"> while (true) {</a>
<span class="sourceLineNo">219</span><a id="line.219"> int index = normalized.indexOf("/../");</a>
<span class="sourceLineNo">220</span><a id="line.220"> if (index &lt; 0)</a>
<span class="sourceLineNo">221</span><a id="line.221"> break;</a>
<span class="sourceLineNo">222</span><a id="line.222"> if (index == 0)</a>
<span class="sourceLineNo">223</span><a id="line.223"> return (null); // Trying to go outside our context</a>
<span class="sourceLineNo">224</span><a id="line.224"> int index2 = normalized.lastIndexOf('/', index - 1);</a>
<span class="sourceLineNo">225</span><a id="line.225"> normalized = normalized.substring(0, index2) +</a>
<span class="sourceLineNo">226</span><a id="line.226"> normalized.substring(index + 3);</a>
<span class="sourceLineNo">227</span><a id="line.227"> }</a>
<span class="sourceLineNo">228</span><a id="line.228"></a>
<span class="sourceLineNo">229</span><a id="line.229"> // Return the normalized path that we have completed</a>
<span class="sourceLineNo">230</span><a id="line.230"> return (normalized);</a>
<span class="sourceLineNo">231</span><a id="line.231"></a>
<span class="sourceLineNo">232</span><a id="line.232"> }</a>
<span class="sourceLineNo">233</span><a id="line.233"></a>
<span class="sourceLineNo">234</span><a id="line.234"></a>
<span class="sourceLineNo">235</span><a id="line.235"> /**</a>
<span class="sourceLineNo">236</span><a id="line.236"> * Decode the supplied URI string and strips any extraneous portion after a ';'.</a>
<span class="sourceLineNo">237</span><a id="line.237"> *</a>
<span class="sourceLineNo">238</span><a id="line.238"> * @param request the incoming HttpServletRequest</a>
<span class="sourceLineNo">239</span><a id="line.239"> * @param uri the application's URI string</a>
<span class="sourceLineNo">240</span><a id="line.240"> * @return the supplied URI string stripped of any extraneous portion after a ';'.</a>
<span class="sourceLineNo">241</span><a id="line.241"> */</a>
<span class="sourceLineNo">242</span><a id="line.242"> private static String decodeAndCleanUriString(HttpServletRequest request, String uri) {</a>
<span class="sourceLineNo">243</span><a id="line.243"> uri = decodeRequestString(request, uri);</a>
<span class="sourceLineNo">244</span><a id="line.244"> return removeSemicolon(uri);</a>
<span class="sourceLineNo">245</span><a id="line.245"> }</a>
<span class="sourceLineNo">246</span><a id="line.246"></a>
<span class="sourceLineNo">247</span><a id="line.247"> private static String removeSemicolon(String uri) {</a>
<span class="sourceLineNo">248</span><a id="line.248"> int semicolonIndex = uri.indexOf(';');</a>
<span class="sourceLineNo">249</span><a id="line.249"> return (semicolonIndex != -1 ? uri.substring(0, semicolonIndex) : uri);</a>
<span class="sourceLineNo">250</span><a id="line.250"> }</a>
<span class="sourceLineNo">251</span><a id="line.251"></a>
<span class="sourceLineNo">252</span><a id="line.252"> /**</a>
<span class="sourceLineNo">253</span><a id="line.253"> * Return the context path for the given request, detecting an include request</a>
<span class="sourceLineNo">254</span><a id="line.254"> * URL if called within a RequestDispatcher include.</a>
<span class="sourceLineNo">255</span><a id="line.255"> * &lt;p&gt;As the value returned by &lt;code&gt;request.getContextPath()&lt;/code&gt; is &lt;i&gt;not&lt;/i&gt;</a>
<span class="sourceLineNo">256</span><a id="line.256"> * decoded by the servlet container, this method will decode it.</a>
<span class="sourceLineNo">257</span><a id="line.257"> *</a>
<span class="sourceLineNo">258</span><a id="line.258"> * @param request current HTTP request</a>
<span class="sourceLineNo">259</span><a id="line.259"> * @return the context path</a>
<span class="sourceLineNo">260</span><a id="line.260"> */</a>
<span class="sourceLineNo">261</span><a id="line.261"> public static String getContextPath(HttpServletRequest request) {</a>
<span class="sourceLineNo">262</span><a id="line.262"> String contextPath = (String) request.getAttribute(INCLUDE_CONTEXT_PATH_ATTRIBUTE);</a>
<span class="sourceLineNo">263</span><a id="line.263"> if (contextPath == null) {</a>
<span class="sourceLineNo">264</span><a id="line.264"> contextPath = request.getContextPath();</a>
<span class="sourceLineNo">265</span><a id="line.265"> }</a>
<span class="sourceLineNo">266</span><a id="line.266"> contextPath = normalize(decodeRequestString(request, contextPath));</a>
<span class="sourceLineNo">267</span><a id="line.267"> if ("/".equals(contextPath)) {</a>
<span class="sourceLineNo">268</span><a id="line.268"> // the normalize method will return a "/" and includes on Jetty, will also be a "/".</a>
<span class="sourceLineNo">269</span><a id="line.269"> contextPath = "";</a>
<span class="sourceLineNo">270</span><a id="line.270"> }</a>
<span class="sourceLineNo">271</span><a id="line.271"> return contextPath;</a>
<span class="sourceLineNo">272</span><a id="line.272"> }</a>
<span class="sourceLineNo">273</span><a id="line.273"></a>
<span class="sourceLineNo">274</span><a id="line.274"> /**</a>
<span class="sourceLineNo">275</span><a id="line.275"> * Find the Shiro {@link WebEnvironment} for this web application, which is typically loaded via the</a>
<span class="sourceLineNo">276</span><a id="line.276"> * {@link org.apache.shiro.web.env.EnvironmentLoaderListener}.</a>
<span class="sourceLineNo">277</span><a id="line.277"> * &lt;p/&gt;</a>
<span class="sourceLineNo">278</span><a id="line.278"> * This implementation rethrows an exception that happened on environment startup to differentiate between a failed</a>
<span class="sourceLineNo">279</span><a id="line.279"> * environment startup and no environment at all.</a>
<span class="sourceLineNo">280</span><a id="line.280"> *</a>
<span class="sourceLineNo">281</span><a id="line.281"> * @param sc ServletContext to find the web application context for</a>
<span class="sourceLineNo">282</span><a id="line.282"> * @return the root WebApplicationContext for this web app</a>
<span class="sourceLineNo">283</span><a id="line.283"> * @throws IllegalStateException if the root WebApplicationContext could not be found</a>
<span class="sourceLineNo">284</span><a id="line.284"> * @see org.apache.shiro.web.env.EnvironmentLoader#ENVIRONMENT_ATTRIBUTE_KEY</a>
<span class="sourceLineNo">285</span><a id="line.285"> * @since 1.2</a>
<span class="sourceLineNo">286</span><a id="line.286"> */</a>
<span class="sourceLineNo">287</span><a id="line.287"> public static WebEnvironment getRequiredWebEnvironment(ServletContext sc)</a>
<span class="sourceLineNo">288</span><a id="line.288"> throws IllegalStateException {</a>
<span class="sourceLineNo">289</span><a id="line.289"></a>
<span class="sourceLineNo">290</span><a id="line.290"> WebEnvironment we = getWebEnvironment(sc);</a>
<span class="sourceLineNo">291</span><a id="line.291"> if (we == null) {</a>
<span class="sourceLineNo">292</span><a id="line.292"> throw new IllegalStateException("No WebEnvironment found: no EnvironmentLoaderListener registered?");</a>
<span class="sourceLineNo">293</span><a id="line.293"> }</a>
<span class="sourceLineNo">294</span><a id="line.294"> return we;</a>
<span class="sourceLineNo">295</span><a id="line.295"> }</a>
<span class="sourceLineNo">296</span><a id="line.296"></a>
<span class="sourceLineNo">297</span><a id="line.297"> /**</a>
<span class="sourceLineNo">298</span><a id="line.298"> * Find the Shiro {@link WebEnvironment} for this web application, which is typically loaded via</a>
<span class="sourceLineNo">299</span><a id="line.299"> * {@link org.apache.shiro.web.env.EnvironmentLoaderListener}.</a>
<span class="sourceLineNo">300</span><a id="line.300"> * &lt;p/&gt;</a>
<span class="sourceLineNo">301</span><a id="line.301"> * This implementation rethrows an exception that happened on environment startup to differentiate between a failed</a>
<span class="sourceLineNo">302</span><a id="line.302"> * environment startup and no environment at all.</a>
<span class="sourceLineNo">303</span><a id="line.303"> *</a>
<span class="sourceLineNo">304</span><a id="line.304"> * @param sc ServletContext to find the web application context for</a>
<span class="sourceLineNo">305</span><a id="line.305"> * @return the root WebApplicationContext for this web app, or &lt;code&gt;null&lt;/code&gt; if none</a>
<span class="sourceLineNo">306</span><a id="line.306"> * @see org.apache.shiro.web.env.EnvironmentLoader#ENVIRONMENT_ATTRIBUTE_KEY</a>
<span class="sourceLineNo">307</span><a id="line.307"> * @since 1.2</a>
<span class="sourceLineNo">308</span><a id="line.308"> */</a>
<span class="sourceLineNo">309</span><a id="line.309"> public static WebEnvironment getWebEnvironment(ServletContext sc) {</a>
<span class="sourceLineNo">310</span><a id="line.310"> return getWebEnvironment(sc, EnvironmentLoader.ENVIRONMENT_ATTRIBUTE_KEY);</a>
<span class="sourceLineNo">311</span><a id="line.311"> }</a>
<span class="sourceLineNo">312</span><a id="line.312"></a>
<span class="sourceLineNo">313</span><a id="line.313"> /**</a>
<span class="sourceLineNo">314</span><a id="line.314"> * Find the Shiro {@link WebEnvironment} for this web application.</a>
<span class="sourceLineNo">315</span><a id="line.315"> *</a>
<span class="sourceLineNo">316</span><a id="line.316"> * @param sc ServletContext to find the web application context for</a>
<span class="sourceLineNo">317</span><a id="line.317"> * @param attrName the name of the ServletContext attribute to look for</a>
<span class="sourceLineNo">318</span><a id="line.318"> * @return the desired WebEnvironment for this web app, or &lt;code&gt;null&lt;/code&gt; if none</a>
<span class="sourceLineNo">319</span><a id="line.319"> * @since 1.2</a>
<span class="sourceLineNo">320</span><a id="line.320"> */</a>
<span class="sourceLineNo">321</span><a id="line.321"> public static WebEnvironment getWebEnvironment(ServletContext sc, String attrName) {</a>
<span class="sourceLineNo">322</span><a id="line.322"> if (sc == null) {</a>
<span class="sourceLineNo">323</span><a id="line.323"> throw new IllegalArgumentException("ServletContext argument must not be null.");</a>
<span class="sourceLineNo">324</span><a id="line.324"> }</a>
<span class="sourceLineNo">325</span><a id="line.325"> Object attr = sc.getAttribute(attrName);</a>
<span class="sourceLineNo">326</span><a id="line.326"> if (attr == null) {</a>
<span class="sourceLineNo">327</span><a id="line.327"> return null;</a>
<span class="sourceLineNo">328</span><a id="line.328"> }</a>
<span class="sourceLineNo">329</span><a id="line.329"> if (attr instanceof RuntimeException) {</a>
<span class="sourceLineNo">330</span><a id="line.330"> throw (RuntimeException) attr;</a>
<span class="sourceLineNo">331</span><a id="line.331"> }</a>
<span class="sourceLineNo">332</span><a id="line.332"> if (attr instanceof Error) {</a>
<span class="sourceLineNo">333</span><a id="line.333"> throw (Error) attr;</a>
<span class="sourceLineNo">334</span><a id="line.334"> }</a>
<span class="sourceLineNo">335</span><a id="line.335"> if (attr instanceof Exception) {</a>
<span class="sourceLineNo">336</span><a id="line.336"> throw new IllegalStateException((Exception) attr);</a>
<span class="sourceLineNo">337</span><a id="line.337"> }</a>
<span class="sourceLineNo">338</span><a id="line.338"> if (!(attr instanceof WebEnvironment)) {</a>
<span class="sourceLineNo">339</span><a id="line.339"> throw new IllegalStateException("Context attribute is not of type WebEnvironment: " + attr);</a>
<span class="sourceLineNo">340</span><a id="line.340"> }</a>
<span class="sourceLineNo">341</span><a id="line.341"> return (WebEnvironment) attr;</a>
<span class="sourceLineNo">342</span><a id="line.342"> }</a>
<span class="sourceLineNo">343</span><a id="line.343"></a>
<span class="sourceLineNo">344</span><a id="line.344"></a>
<span class="sourceLineNo">345</span><a id="line.345"> /**</a>
<span class="sourceLineNo">346</span><a id="line.346"> * Decode the given source string with a URLDecoder. The encoding will be taken</a>
<span class="sourceLineNo">347</span><a id="line.347"> * from the request, falling back to the default "ISO-8859-1".</a>
<span class="sourceLineNo">348</span><a id="line.348"> * &lt;p&gt;The default implementation uses &lt;code&gt;URLDecoder.decode(input, enc)&lt;/code&gt;.</a>
<span class="sourceLineNo">349</span><a id="line.349"> *</a>
<span class="sourceLineNo">350</span><a id="line.350"> * @param request current HTTP request</a>
<span class="sourceLineNo">351</span><a id="line.351"> * @param source the String to decode</a>
<span class="sourceLineNo">352</span><a id="line.352"> * @return the decoded String</a>
<span class="sourceLineNo">353</span><a id="line.353"> * @see #DEFAULT_CHARACTER_ENCODING</a>
<span class="sourceLineNo">354</span><a id="line.354"> * @see javax.servlet.ServletRequest#getCharacterEncoding</a>
<span class="sourceLineNo">355</span><a id="line.355"> * @see java.net.URLDecoder#decode(String, String)</a>
<span class="sourceLineNo">356</span><a id="line.356"> * @see java.net.URLDecoder#decode(String)</a>
<span class="sourceLineNo">357</span><a id="line.357"> */</a>
<span class="sourceLineNo">358</span><a id="line.358"> @SuppressWarnings({"deprecation"})</a>
<span class="sourceLineNo">359</span><a id="line.359"> public static String decodeRequestString(HttpServletRequest request, String source) {</a>
<span class="sourceLineNo">360</span><a id="line.360"> String enc = determineEncoding(request);</a>
<span class="sourceLineNo">361</span><a id="line.361"> try {</a>
<span class="sourceLineNo">362</span><a id="line.362"> return URLDecoder.decode(source, enc);</a>
<span class="sourceLineNo">363</span><a id="line.363"> } catch (UnsupportedEncodingException ex) {</a>
<span class="sourceLineNo">364</span><a id="line.364"> if (log.isWarnEnabled()) {</a>
<span class="sourceLineNo">365</span><a id="line.365"> log.warn("Could not decode request string [" + Encode.forHtml(source) + "] with encoding '" + Encode.forHtml(enc) +</a>
<span class="sourceLineNo">366</span><a id="line.366"> "': falling back to platform default encoding; exception message: " + ex.getMessage());</a>
<span class="sourceLineNo">367</span><a id="line.367"> }</a>
<span class="sourceLineNo">368</span><a id="line.368"> return URLDecoder.decode(source);</a>
<span class="sourceLineNo">369</span><a id="line.369"> }</a>
<span class="sourceLineNo">370</span><a id="line.370"> }</a>
<span class="sourceLineNo">371</span><a id="line.371"></a>
<span class="sourceLineNo">372</span><a id="line.372"> /**</a>
<span class="sourceLineNo">373</span><a id="line.373"> * Determine the encoding for the given request.</a>
<span class="sourceLineNo">374</span><a id="line.374"> * Can be overridden in subclasses.</a>
<span class="sourceLineNo">375</span><a id="line.375"> * &lt;p&gt;The default implementation checks the request's</a>
<span class="sourceLineNo">376</span><a id="line.376"> * {@link ServletRequest#getCharacterEncoding() character encoding}, and if that</a>
<span class="sourceLineNo">377</span><a id="line.377"> * &lt;code&gt;null&lt;/code&gt;, falls back to the {@link #DEFAULT_CHARACTER_ENCODING}.</a>
<span class="sourceLineNo">378</span><a id="line.378"> *</a>
<span class="sourceLineNo">379</span><a id="line.379"> * @param request current HTTP request</a>
<span class="sourceLineNo">380</span><a id="line.380"> * @return the encoding for the request (never &lt;code&gt;null&lt;/code&gt;)</a>
<span class="sourceLineNo">381</span><a id="line.381"> * @see javax.servlet.ServletRequest#getCharacterEncoding()</a>
<span class="sourceLineNo">382</span><a id="line.382"> */</a>
<span class="sourceLineNo">383</span><a id="line.383"> protected static String determineEncoding(HttpServletRequest request) {</a>
<span class="sourceLineNo">384</span><a id="line.384"> String enc = request.getCharacterEncoding();</a>
<span class="sourceLineNo">385</span><a id="line.385"> if (enc == null) {</a>
<span class="sourceLineNo">386</span><a id="line.386"> enc = DEFAULT_CHARACTER_ENCODING;</a>
<span class="sourceLineNo">387</span><a id="line.387"> }</a>
<span class="sourceLineNo">388</span><a id="line.388"> return enc;</a>
<span class="sourceLineNo">389</span><a id="line.389"> }</a>
<span class="sourceLineNo">390</span><a id="line.390"></a>
<span class="sourceLineNo">391</span><a id="line.391"> /*</a>
<span class="sourceLineNo">392</span><a id="line.392"> * Returns {@code true} IFF the specified {@code SubjectContext}:</a>
<span class="sourceLineNo">393</span><a id="line.393"> * &lt;ol&gt;</a>
<span class="sourceLineNo">394</span><a id="line.394"> * &lt;li&gt;A {@link WebSubjectContext} instance&lt;/li&gt;</a>
<span class="sourceLineNo">395</span><a id="line.395"> * &lt;li&gt;The {@code WebSubjectContext}'s request/response pair are not null&lt;/li&gt;</a>
<span class="sourceLineNo">396</span><a id="line.396"> * &lt;li&gt;The request is an {@link HttpServletRequest} instance&lt;/li&gt;</a>
<span class="sourceLineNo">397</span><a id="line.397"> * &lt;li&gt;The response is an {@link HttpServletResponse} instance&lt;/li&gt;</a>
<span class="sourceLineNo">398</span><a id="line.398"> * &lt;/ol&gt;</a>
<span class="sourceLineNo">399</span><a id="line.399"> *</a>
<span class="sourceLineNo">400</span><a id="line.400"> * @param context the SubjectContext to check to see if it is HTTP compatible.</a>
<span class="sourceLineNo">401</span><a id="line.401"> * @return {@code true} IFF the specified context has HTTP request/response objects, {@code false} otherwise.</a>
<span class="sourceLineNo">402</span><a id="line.402"> * @since 1.0</a>
<span class="sourceLineNo">403</span><a id="line.403"> */</a>
<span class="sourceLineNo">404</span><a id="line.404"></a>
<span class="sourceLineNo">405</span><a id="line.405"> public static boolean isWeb(Object requestPairSource) {</a>
<span class="sourceLineNo">406</span><a id="line.406"> return requestPairSource instanceof RequestPairSource &amp;&amp; isWeb((RequestPairSource) requestPairSource);</a>
<span class="sourceLineNo">407</span><a id="line.407"> }</a>
<span class="sourceLineNo">408</span><a id="line.408"></a>
<span class="sourceLineNo">409</span><a id="line.409"> public static boolean isHttp(Object requestPairSource) {</a>
<span class="sourceLineNo">410</span><a id="line.410"> return requestPairSource instanceof RequestPairSource &amp;&amp; isHttp((RequestPairSource) requestPairSource);</a>
<span class="sourceLineNo">411</span><a id="line.411"> }</a>
<span class="sourceLineNo">412</span><a id="line.412"></a>
<span class="sourceLineNo">413</span><a id="line.413"> public static ServletRequest getRequest(Object requestPairSource) {</a>
<span class="sourceLineNo">414</span><a id="line.414"> if (requestPairSource instanceof RequestPairSource) {</a>
<span class="sourceLineNo">415</span><a id="line.415"> return ((RequestPairSource) requestPairSource).getServletRequest();</a>
<span class="sourceLineNo">416</span><a id="line.416"> }</a>
<span class="sourceLineNo">417</span><a id="line.417"> return null;</a>
<span class="sourceLineNo">418</span><a id="line.418"> }</a>
<span class="sourceLineNo">419</span><a id="line.419"></a>
<span class="sourceLineNo">420</span><a id="line.420"> public static ServletResponse getResponse(Object requestPairSource) {</a>
<span class="sourceLineNo">421</span><a id="line.421"> if (requestPairSource instanceof RequestPairSource) {</a>
<span class="sourceLineNo">422</span><a id="line.422"> return ((RequestPairSource) requestPairSource).getServletResponse();</a>
<span class="sourceLineNo">423</span><a id="line.423"> }</a>
<span class="sourceLineNo">424</span><a id="line.424"> return null;</a>
<span class="sourceLineNo">425</span><a id="line.425"> }</a>
<span class="sourceLineNo">426</span><a id="line.426"></a>
<span class="sourceLineNo">427</span><a id="line.427"> public static HttpServletRequest getHttpRequest(Object requestPairSource) {</a>
<span class="sourceLineNo">428</span><a id="line.428"> ServletRequest request = getRequest(requestPairSource);</a>
<span class="sourceLineNo">429</span><a id="line.429"> if (request instanceof HttpServletRequest) {</a>
<span class="sourceLineNo">430</span><a id="line.430"> return (HttpServletRequest) request;</a>
<span class="sourceLineNo">431</span><a id="line.431"> }</a>
<span class="sourceLineNo">432</span><a id="line.432"> return null;</a>
<span class="sourceLineNo">433</span><a id="line.433"> }</a>
<span class="sourceLineNo">434</span><a id="line.434"></a>
<span class="sourceLineNo">435</span><a id="line.435"> public static HttpServletResponse getHttpResponse(Object requestPairSource) {</a>
<span class="sourceLineNo">436</span><a id="line.436"> ServletResponse response = getResponse(requestPairSource);</a>
<span class="sourceLineNo">437</span><a id="line.437"> if (response instanceof HttpServletResponse) {</a>
<span class="sourceLineNo">438</span><a id="line.438"> return (HttpServletResponse) response;</a>
<span class="sourceLineNo">439</span><a id="line.439"> }</a>
<span class="sourceLineNo">440</span><a id="line.440"> return null;</a>
<span class="sourceLineNo">441</span><a id="line.441"> }</a>
<span class="sourceLineNo">442</span><a id="line.442"></a>
<span class="sourceLineNo">443</span><a id="line.443"> private static boolean isWeb(RequestPairSource source) {</a>
<span class="sourceLineNo">444</span><a id="line.444"> ServletRequest request = source.getServletRequest();</a>
<span class="sourceLineNo">445</span><a id="line.445"> ServletResponse response = source.getServletResponse();</a>
<span class="sourceLineNo">446</span><a id="line.446"> return request != null &amp;&amp; response != null;</a>
<span class="sourceLineNo">447</span><a id="line.447"> }</a>
<span class="sourceLineNo">448</span><a id="line.448"></a>
<span class="sourceLineNo">449</span><a id="line.449"> private static boolean isHttp(RequestPairSource source) {</a>
<span class="sourceLineNo">450</span><a id="line.450"> ServletRequest request = source.getServletRequest();</a>
<span class="sourceLineNo">451</span><a id="line.451"> ServletResponse response = source.getServletResponse();</a>
<span class="sourceLineNo">452</span><a id="line.452"> return request instanceof HttpServletRequest &amp;&amp; response instanceof HttpServletResponse;</a>
<span class="sourceLineNo">453</span><a id="line.453"> }</a>
<span class="sourceLineNo">454</span><a id="line.454"></a>
<span class="sourceLineNo">455</span><a id="line.455"> /**</a>
<span class="sourceLineNo">456</span><a id="line.456"> * Returns {@code true} if a session is allowed to be created for a subject-associated request, {@code false}</a>
<span class="sourceLineNo">457</span><a id="line.457"> * otherwise.</a>
<span class="sourceLineNo">458</span><a id="line.458"> * &lt;p/&gt;</a>
<span class="sourceLineNo">459</span><a id="line.459"> * &lt;b&gt;This method exists for Shiro's internal framework needs and should never be called by Shiro end-users. It</a>
<span class="sourceLineNo">460</span><a id="line.460"> * could be changed/removed at any time.&lt;/b&gt;</a>
<span class="sourceLineNo">461</span><a id="line.461"> *</a>
<span class="sourceLineNo">462</span><a id="line.462"> * @param requestPairSource a {@link RequestPairSource} instance, almost always a</a>
<span class="sourceLineNo">463</span><a id="line.463"> * {@link org.apache.shiro.web.subject.WebSubject WebSubject} instance.</a>
<span class="sourceLineNo">464</span><a id="line.464"> * @return {@code true} if a session is allowed to be created for a subject-associated request, {@code false}</a>
<span class="sourceLineNo">465</span><a id="line.465"> * otherwise.</a>
<span class="sourceLineNo">466</span><a id="line.466"> */</a>
<span class="sourceLineNo">467</span><a id="line.467"> public static boolean _isSessionCreationEnabled(Object requestPairSource) {</a>
<span class="sourceLineNo">468</span><a id="line.468"> if (requestPairSource instanceof RequestPairSource) {</a>
<span class="sourceLineNo">469</span><a id="line.469"> RequestPairSource source = (RequestPairSource) requestPairSource;</a>
<span class="sourceLineNo">470</span><a id="line.470"> return _isSessionCreationEnabled(source.getServletRequest());</a>
<span class="sourceLineNo">471</span><a id="line.471"> }</a>
<span class="sourceLineNo">472</span><a id="line.472"> return true; //by default</a>
<span class="sourceLineNo">473</span><a id="line.473"> }</a>
<span class="sourceLineNo">474</span><a id="line.474"></a>
<span class="sourceLineNo">475</span><a id="line.475"> /**</a>
<span class="sourceLineNo">476</span><a id="line.476"> * Returns {@code true} if a session is allowed to be created for a subject-associated request, {@code false}</a>
<span class="sourceLineNo">477</span><a id="line.477"> * otherwise.</a>
<span class="sourceLineNo">478</span><a id="line.478"> * &lt;p/&gt;</a>
<span class="sourceLineNo">479</span><a id="line.479"> * &lt;b&gt;This method exists for Shiro's internal framework needs and should never be called by Shiro end-users. It</a>
<span class="sourceLineNo">480</span><a id="line.480"> * could be changed/removed at any time.&lt;/b&gt;</a>
<span class="sourceLineNo">481</span><a id="line.481"> *</a>
<span class="sourceLineNo">482</span><a id="line.482"> * @param request incoming servlet request.</a>
<span class="sourceLineNo">483</span><a id="line.483"> * @return {@code true} if a session is allowed to be created for a subject-associated request, {@code false}</a>
<span class="sourceLineNo">484</span><a id="line.484"> * otherwise.</a>
<span class="sourceLineNo">485</span><a id="line.485"> */</a>
<span class="sourceLineNo">486</span><a id="line.486"> public static boolean _isSessionCreationEnabled(ServletRequest request) {</a>
<span class="sourceLineNo">487</span><a id="line.487"> if (request != null) {</a>
<span class="sourceLineNo">488</span><a id="line.488"> Object val = request.getAttribute(DefaultSubjectContext.SESSION_CREATION_ENABLED);</a>
<span class="sourceLineNo">489</span><a id="line.489"> if (val != null &amp;&amp; val instanceof Boolean) {</a>
<span class="sourceLineNo">490</span><a id="line.490"> return (Boolean) val;</a>
<span class="sourceLineNo">491</span><a id="line.491"> }</a>
<span class="sourceLineNo">492</span><a id="line.492"> }</a>
<span class="sourceLineNo">493</span><a id="line.493"> return true; //by default</a>
<span class="sourceLineNo">494</span><a id="line.494"> }</a>
<span class="sourceLineNo">495</span><a id="line.495"></a>
<span class="sourceLineNo">496</span><a id="line.496"> /**</a>
<span class="sourceLineNo">497</span><a id="line.497"> * A convenience method that merely casts the incoming &lt;code&gt;ServletRequest&lt;/code&gt; to an</a>
<span class="sourceLineNo">498</span><a id="line.498"> * &lt;code&gt;HttpServletRequest&lt;/code&gt;:</a>
<span class="sourceLineNo">499</span><a id="line.499"> * &lt;p/&gt;</a>
<span class="sourceLineNo">500</span><a id="line.500"> * &lt;code&gt;return (HttpServletRequest)request;&lt;/code&gt;</a>
<span class="sourceLineNo">501</span><a id="line.501"> * &lt;p/&gt;</a>
<span class="sourceLineNo">502</span><a id="line.502"> * Logic could be changed in the future for logging or throwing an meaningful exception in</a>
<span class="sourceLineNo">503</span><a id="line.503"> * non HTTP request environments (e.g. Portlet API).</a>
<span class="sourceLineNo">504</span><a id="line.504"> *</a>
<span class="sourceLineNo">505</span><a id="line.505"> * @param request the incoming ServletRequest</a>
<span class="sourceLineNo">506</span><a id="line.506"> * @return the &lt;code&gt;request&lt;/code&gt; argument casted to an &lt;code&gt;HttpServletRequest&lt;/code&gt;.</a>
<span class="sourceLineNo">507</span><a id="line.507"> */</a>
<span class="sourceLineNo">508</span><a id="line.508"> public static HttpServletRequest toHttp(ServletRequest request) {</a>
<span class="sourceLineNo">509</span><a id="line.509"> return (HttpServletRequest) request;</a>
<span class="sourceLineNo">510</span><a id="line.510"> }</a>
<span class="sourceLineNo">511</span><a id="line.511"></a>
<span class="sourceLineNo">512</span><a id="line.512"> /**</a>
<span class="sourceLineNo">513</span><a id="line.513"> * A convenience method that merely casts the incoming &lt;code&gt;ServletResponse&lt;/code&gt; to an</a>
<span class="sourceLineNo">514</span><a id="line.514"> * &lt;code&gt;HttpServletResponse&lt;/code&gt;:</a>
<span class="sourceLineNo">515</span><a id="line.515"> * &lt;p/&gt;</a>
<span class="sourceLineNo">516</span><a id="line.516"> * &lt;code&gt;return (HttpServletResponse)response;&lt;/code&gt;</a>
<span class="sourceLineNo">517</span><a id="line.517"> * &lt;p/&gt;</a>
<span class="sourceLineNo">518</span><a id="line.518"> * Logic could be changed in the future for logging or throwing an meaningful exception in</a>
<span class="sourceLineNo">519</span><a id="line.519"> * non HTTP request environments (e.g. Portlet API).</a>
<span class="sourceLineNo">520</span><a id="line.520"> *</a>
<span class="sourceLineNo">521</span><a id="line.521"> * @param response the outgoing ServletResponse</a>
<span class="sourceLineNo">522</span><a id="line.522"> * @return the &lt;code&gt;response&lt;/code&gt; argument casted to an &lt;code&gt;HttpServletResponse&lt;/code&gt;.</a>
<span class="sourceLineNo">523</span><a id="line.523"> */</a>
<span class="sourceLineNo">524</span><a id="line.524"> public static HttpServletResponse toHttp(ServletResponse response) {</a>
<span class="sourceLineNo">525</span><a id="line.525"> return (HttpServletResponse) response;</a>
<span class="sourceLineNo">526</span><a id="line.526"> }</a>
<span class="sourceLineNo">527</span><a id="line.527"></a>
<span class="sourceLineNo">528</span><a id="line.528"> /**</a>
<span class="sourceLineNo">529</span><a id="line.529"> * Redirects the current request to a new URL based on the given parameters.</a>
<span class="sourceLineNo">530</span><a id="line.530"> *</a>
<span class="sourceLineNo">531</span><a id="line.531"> * @param request the servlet request.</a>
<span class="sourceLineNo">532</span><a id="line.532"> * @param response the servlet response.</a>
<span class="sourceLineNo">533</span><a id="line.533"> * @param url the URL to redirect the user to.</a>
<span class="sourceLineNo">534</span><a id="line.534"> * @param queryParams a map of parameters that should be set as request parameters for the new request.</a>
<span class="sourceLineNo">535</span><a id="line.535"> * @param contextRelative true if the URL is relative to the servlet context path, or false if the URL is absolute.</a>
<span class="sourceLineNo">536</span><a id="line.536"> * @param http10Compatible whether to stay compatible with HTTP 1.0 clients.</a>
<span class="sourceLineNo">537</span><a id="line.537"> * @throws java.io.IOException if thrown by response methods.</a>
<span class="sourceLineNo">538</span><a id="line.538"> */</a>
<span class="sourceLineNo">539</span><a id="line.539"> public static void issueRedirect(ServletRequest request, ServletResponse response, String url, Map queryParams, boolean contextRelative, boolean http10Compatible) throws IOException {</a>
<span class="sourceLineNo">540</span><a id="line.540"> RedirectView view = new RedirectView(url, contextRelative, http10Compatible);</a>
<span class="sourceLineNo">541</span><a id="line.541"> view.renderMergedOutputModel(queryParams, toHttp(request), toHttp(response));</a>
<span class="sourceLineNo">542</span><a id="line.542"> }</a>
<span class="sourceLineNo">543</span><a id="line.543"></a>
<span class="sourceLineNo">544</span><a id="line.544"> /**</a>
<span class="sourceLineNo">545</span><a id="line.545"> * Redirects the current request to a new URL based on the given parameters and default values</a>
<span class="sourceLineNo">546</span><a id="line.546"> * for unspecified parameters.</a>
<span class="sourceLineNo">547</span><a id="line.547"> *</a>
<span class="sourceLineNo">548</span><a id="line.548"> * @param request the servlet request.</a>
<span class="sourceLineNo">549</span><a id="line.549"> * @param response the servlet response.</a>
<span class="sourceLineNo">550</span><a id="line.550"> * @param url the URL to redirect the user to.</a>
<span class="sourceLineNo">551</span><a id="line.551"> * @throws java.io.IOException if thrown by response methods.</a>
<span class="sourceLineNo">552</span><a id="line.552"> */</a>
<span class="sourceLineNo">553</span><a id="line.553"> public static void issueRedirect(ServletRequest request, ServletResponse response, String url) throws IOException {</a>
<span class="sourceLineNo">554</span><a id="line.554"> issueRedirect(request, response, url, null, true, true);</a>
<span class="sourceLineNo">555</span><a id="line.555"> }</a>
<span class="sourceLineNo">556</span><a id="line.556"></a>
<span class="sourceLineNo">557</span><a id="line.557"> /**</a>
<span class="sourceLineNo">558</span><a id="line.558"> * Redirects the current request to a new URL based on the given parameters and default values</a>
<span class="sourceLineNo">559</span><a id="line.559"> * for unspecified parameters.</a>
<span class="sourceLineNo">560</span><a id="line.560"> *</a>
<span class="sourceLineNo">561</span><a id="line.561"> * @param request the servlet request.</a>
<span class="sourceLineNo">562</span><a id="line.562"> * @param response the servlet response.</a>
<span class="sourceLineNo">563</span><a id="line.563"> * @param url the URL to redirect the user to.</a>
<span class="sourceLineNo">564</span><a id="line.564"> * @param queryParams a map of parameters that should be set as request parameters for the new request.</a>
<span class="sourceLineNo">565</span><a id="line.565"> * @throws java.io.IOException if thrown by response methods.</a>
<span class="sourceLineNo">566</span><a id="line.566"> */</a>
<span class="sourceLineNo">567</span><a id="line.567"> public static void issueRedirect(ServletRequest request, ServletResponse response, String url, Map queryParams) throws IOException {</a>
<span class="sourceLineNo">568</span><a id="line.568"> issueRedirect(request, response, url, queryParams, true, true);</a>
<span class="sourceLineNo">569</span><a id="line.569"> }</a>
<span class="sourceLineNo">570</span><a id="line.570"></a>
<span class="sourceLineNo">571</span><a id="line.571"> /**</a>
<span class="sourceLineNo">572</span><a id="line.572"> * Redirects the current request to a new URL based on the given parameters and default values</a>
<span class="sourceLineNo">573</span><a id="line.573"> * for unspecified parameters.</a>
<span class="sourceLineNo">574</span><a id="line.574"> *</a>
<span class="sourceLineNo">575</span><a id="line.575"> * @param request the servlet request.</a>
<span class="sourceLineNo">576</span><a id="line.576"> * @param response the servlet response.</a>
<span class="sourceLineNo">577</span><a id="line.577"> * @param url the URL to redirect the user to.</a>
<span class="sourceLineNo">578</span><a id="line.578"> * @param queryParams a map of parameters that should be set as request parameters for the new request.</a>
<span class="sourceLineNo">579</span><a id="line.579"> * @param contextRelative true if the URL is relative to the servlet context path, or false if the URL is absolute.</a>
<span class="sourceLineNo">580</span><a id="line.580"> * @throws java.io.IOException if thrown by response methods.</a>
<span class="sourceLineNo">581</span><a id="line.581"> */</a>
<span class="sourceLineNo">582</span><a id="line.582"> public static void issueRedirect(ServletRequest request, ServletResponse response, String url, Map queryParams, boolean contextRelative) throws IOException {</a>
<span class="sourceLineNo">583</span><a id="line.583"> issueRedirect(request, response, url, queryParams, contextRelative, true);</a>
<span class="sourceLineNo">584</span><a id="line.584"> }</a>
<span class="sourceLineNo">585</span><a id="line.585"></a>
<span class="sourceLineNo">586</span><a id="line.586"> /**</a>
<span class="sourceLineNo">587</span><a id="line.587"> * &lt;p&gt;Checks to see if a request param is considered true using a loose matching strategy for</a>
<span class="sourceLineNo">588</span><a id="line.588"> * general values that indicate that something is true or enabled, etc.&lt;/p&gt;</a>
<span class="sourceLineNo">589</span><a id="line.589"> * &lt;p/&gt;</a>
<span class="sourceLineNo">590</span><a id="line.590"> * &lt;p&gt;Values that are considered "true" include (case-insensitive): true, t, 1, enabled, y, yes, on.&lt;/p&gt;</a>
<span class="sourceLineNo">591</span><a id="line.591"> *</a>
<span class="sourceLineNo">592</span><a id="line.592"> * @param request the servlet request</a>
<span class="sourceLineNo">593</span><a id="line.593"> * @param paramName @return true if the param value is considered true or false if it isn't.</a>
<span class="sourceLineNo">594</span><a id="line.594"> * @return true if the given parameter is considered "true" - false otherwise.</a>
<span class="sourceLineNo">595</span><a id="line.595"> */</a>
<span class="sourceLineNo">596</span><a id="line.596"> public static boolean isTrue(ServletRequest request, String paramName) {</a>
<span class="sourceLineNo">597</span><a id="line.597"> String value = getCleanParam(request, paramName);</a>
<span class="sourceLineNo">598</span><a id="line.598"> return value != null &amp;&amp;</a>
<span class="sourceLineNo">599</span><a id="line.599"> (value.equalsIgnoreCase("true") ||</a>
<span class="sourceLineNo">600</span><a id="line.600"> value.equalsIgnoreCase("t") ||</a>
<span class="sourceLineNo">601</span><a id="line.601"> value.equalsIgnoreCase("1") ||</a>
<span class="sourceLineNo">602</span><a id="line.602"> value.equalsIgnoreCase("enabled") ||</a>
<span class="sourceLineNo">603</span><a id="line.603"> value.equalsIgnoreCase("y") ||</a>
<span class="sourceLineNo">604</span><a id="line.604"> value.equalsIgnoreCase("yes") ||</a>
<span class="sourceLineNo">605</span><a id="line.605"> value.equalsIgnoreCase("on"));</a>
<span class="sourceLineNo">606</span><a id="line.606"> }</a>
<span class="sourceLineNo">607</span><a id="line.607"></a>
<span class="sourceLineNo">608</span><a id="line.608"> /**</a>
<span class="sourceLineNo">609</span><a id="line.609"> * Convenience method that returns a request parameter value, first running it through</a>
<span class="sourceLineNo">610</span><a id="line.610"> * {@link StringUtils#clean(String)}.</a>
<span class="sourceLineNo">611</span><a id="line.611"> *</a>
<span class="sourceLineNo">612</span><a id="line.612"> * @param request the servlet request.</a>
<span class="sourceLineNo">613</span><a id="line.613"> * @param paramName the parameter name.</a>
<span class="sourceLineNo">614</span><a id="line.614"> * @return the clean param value, or null if the param does not exist or is empty.</a>
<span class="sourceLineNo">615</span><a id="line.615"> */</a>
<span class="sourceLineNo">616</span><a id="line.616"> public static String getCleanParam(ServletRequest request, String paramName) {</a>
<span class="sourceLineNo">617</span><a id="line.617"> return StringUtils.clean(request.getParameter(paramName));</a>
<span class="sourceLineNo">618</span><a id="line.618"> }</a>
<span class="sourceLineNo">619</span><a id="line.619"></a>
<span class="sourceLineNo">620</span><a id="line.620"> public static void saveRequest(ServletRequest request) {</a>
<span class="sourceLineNo">621</span><a id="line.621"> Subject subject = SecurityUtils.getSubject();</a>
<span class="sourceLineNo">622</span><a id="line.622"> Session session = subject.getSession();</a>
<span class="sourceLineNo">623</span><a id="line.623"> HttpServletRequest httpRequest = toHttp(request);</a>
<span class="sourceLineNo">624</span><a id="line.624"> SavedRequest savedRequest = new SavedRequest(httpRequest);</a>
<span class="sourceLineNo">625</span><a id="line.625"> session.setAttribute(SAVED_REQUEST_KEY, savedRequest);</a>
<span class="sourceLineNo">626</span><a id="line.626"> }</a>
<span class="sourceLineNo">627</span><a id="line.627"></a>
<span class="sourceLineNo">628</span><a id="line.628"> public static SavedRequest getAndClearSavedRequest(ServletRequest request) {</a>
<span class="sourceLineNo">629</span><a id="line.629"> SavedRequest savedRequest = getSavedRequest(request);</a>
<span class="sourceLineNo">630</span><a id="line.630"> if (savedRequest != null) {</a>
<span class="sourceLineNo">631</span><a id="line.631"> Subject subject = SecurityUtils.getSubject();</a>
<span class="sourceLineNo">632</span><a id="line.632"> Session session = subject.getSession();</a>
<span class="sourceLineNo">633</span><a id="line.633"> session.removeAttribute(SAVED_REQUEST_KEY);</a>
<span class="sourceLineNo">634</span><a id="line.634"> }</a>
<span class="sourceLineNo">635</span><a id="line.635"> return savedRequest;</a>
<span class="sourceLineNo">636</span><a id="line.636"> }</a>
<span class="sourceLineNo">637</span><a id="line.637"></a>
<span class="sourceLineNo">638</span><a id="line.638"> public static SavedRequest getSavedRequest(ServletRequest request) {</a>
<span class="sourceLineNo">639</span><a id="line.639"> SavedRequest savedRequest = null;</a>
<span class="sourceLineNo">640</span><a id="line.640"> Subject subject = SecurityUtils.getSubject();</a>
<span class="sourceLineNo">641</span><a id="line.641"> Session session = subject.getSession(false);</a>
<span class="sourceLineNo">642</span><a id="line.642"> if (session != null) {</a>
<span class="sourceLineNo">643</span><a id="line.643"> savedRequest = (SavedRequest) session.getAttribute(SAVED_REQUEST_KEY);</a>
<span class="sourceLineNo">644</span><a id="line.644"> }</a>
<span class="sourceLineNo">645</span><a id="line.645"> return savedRequest;</a>
<span class="sourceLineNo">646</span><a id="line.646"> }</a>
<span class="sourceLineNo">647</span><a id="line.647"></a>
<span class="sourceLineNo">648</span><a id="line.648"> /**</a>
<span class="sourceLineNo">649</span><a id="line.649"> * Redirects the to the request url from a previously</a>
<span class="sourceLineNo">650</span><a id="line.650"> * {@link #saveRequest(javax.servlet.ServletRequest) saved} request, or if there is no saved request, redirects the</a>
<span class="sourceLineNo">651</span><a id="line.651"> * end user to the specified {@code fallbackUrl}. If there is no saved request or fallback url, this method</a>
<span class="sourceLineNo">652</span><a id="line.652"> * throws an {@link IllegalStateException}.</a>
<span class="sourceLineNo">653</span><a id="line.653"> * &lt;p/&gt;</a>
<span class="sourceLineNo">654</span><a id="line.654"> * This method is primarily used to support a common login scenario - if an unauthenticated user accesses a</a>
<span class="sourceLineNo">655</span><a id="line.655"> * page that requires authentication, it is expected that request is</a>
<span class="sourceLineNo">656</span><a id="line.656"> * {@link #saveRequest(javax.servlet.ServletRequest) saved} first and then redirected to the login page. Then,</a>
<span class="sourceLineNo">657</span><a id="line.657"> * after a successful login, this method can be called to redirect them back to their originally requested URL, a</a>
<span class="sourceLineNo">658</span><a id="line.658"> * nice usability feature.</a>
<span class="sourceLineNo">659</span><a id="line.659"> *</a>
<span class="sourceLineNo">660</span><a id="line.660"> * @param request the incoming request</a>
<span class="sourceLineNo">661</span><a id="line.661"> * @param response the outgoing response</a>
<span class="sourceLineNo">662</span><a id="line.662"> * @param fallbackUrl the fallback url to redirect to if there is no saved request available.</a>
<span class="sourceLineNo">663</span><a id="line.663"> * @throws IllegalStateException if there is no saved request and the {@code fallbackUrl} is {@code null}.</a>
<span class="sourceLineNo">664</span><a id="line.664"> * @throws IOException if there is an error redirecting</a>
<span class="sourceLineNo">665</span><a id="line.665"> * @since 1.0</a>
<span class="sourceLineNo">666</span><a id="line.666"> */</a>
<span class="sourceLineNo">667</span><a id="line.667"> public static void redirectToSavedRequest(ServletRequest request, ServletResponse response, String fallbackUrl)</a>
<span class="sourceLineNo">668</span><a id="line.668"> throws IOException {</a>
<span class="sourceLineNo">669</span><a id="line.669"> String successUrl = null;</a>
<span class="sourceLineNo">670</span><a id="line.670"> boolean contextRelative = true;</a>
<span class="sourceLineNo">671</span><a id="line.671"> SavedRequest savedRequest = WebUtils.getAndClearSavedRequest(request);</a>
<span class="sourceLineNo">672</span><a id="line.672"> if (savedRequest != null &amp;&amp; savedRequest.getMethod().equalsIgnoreCase(AccessControlFilter.GET_METHOD)) {</a>
<span class="sourceLineNo">673</span><a id="line.673"> successUrl = savedRequest.getRequestUrl();</a>
<span class="sourceLineNo">674</span><a id="line.674"> contextRelative = false;</a>
<span class="sourceLineNo">675</span><a id="line.675"> }</a>
<span class="sourceLineNo">676</span><a id="line.676"></a>
<span class="sourceLineNo">677</span><a id="line.677"> if (successUrl == null) {</a>
<span class="sourceLineNo">678</span><a id="line.678"> successUrl = fallbackUrl;</a>
<span class="sourceLineNo">679</span><a id="line.679"> }</a>
<span class="sourceLineNo">680</span><a id="line.680"></a>
<span class="sourceLineNo">681</span><a id="line.681"> if (successUrl == null) {</a>
<span class="sourceLineNo">682</span><a id="line.682"> throw new IllegalStateException("Success URL not available via saved request or via the " +</a>
<span class="sourceLineNo">683</span><a id="line.683"> "successUrlFallback method parameter. One of these must be non-null for " +</a>
<span class="sourceLineNo">684</span><a id="line.684"> "issueSuccessRedirect() to work.");</a>
<span class="sourceLineNo">685</span><a id="line.685"> }</a>
<span class="sourceLineNo">686</span><a id="line.686"></a>
<span class="sourceLineNo">687</span><a id="line.687"> WebUtils.issueRedirect(request, response, successUrl, null, contextRelative);</a>
<span class="sourceLineNo">688</span><a id="line.688"> }</a>
<span class="sourceLineNo">689</span><a id="line.689"></a>
<span class="sourceLineNo">690</span><a id="line.690">}</a>
</pre>
</div>
</main>
</body>
</html>