<!DOCTYPE HTML>
<html lang="en">
<head>
<title>Source code</title>
<link rel="stylesheet" type="text/css" href="../../../../../../stylesheet.css" title="Style">
</head>
<body>
<main role="main">
<div class="sourceContainer">
<pre><span class="sourceLineNo">001</span><a id="line.1">/*</a>
<span class="sourceLineNo">002</span><a id="line.2"> * Licensed to the Apache Software Foundation (ASF) under one</a>
<span class="sourceLineNo">003</span><a id="line.3"> * or more contributor license agreements. See the NOTICE file</a>
<span class="sourceLineNo">004</span><a id="line.4"> * distributed with this work for additional information</a>
<span class="sourceLineNo">005</span><a id="line.5"> * regarding copyright ownership. The ASF licenses this file</a>
<span class="sourceLineNo">006</span><a id="line.6"> * to you under the Apache License, Version 2.0 (the</a>
<span class="sourceLineNo">007</span><a id="line.7"> * "License"); you may not use this file except in compliance</a>
<span class="sourceLineNo">008</span><a id="line.8"> * with the License. You may obtain a copy of the License at</a>
<span class="sourceLineNo">009</span><a id="line.9"> *</a>
<span class="sourceLineNo">010</span><a id="line.10"> * http://www.apache.org/licenses/LICENSE-2.0</a>
<span class="sourceLineNo">011</span><a id="line.11"> *</a>
<span class="sourceLineNo">012</span><a id="line.12"> * Unless required by applicable law or agreed to in writing,</a>
<span class="sourceLineNo">013</span><a id="line.13"> * software distributed under the License is distributed on an</a>
<span class="sourceLineNo">014</span><a id="line.14"> * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY</a>
<span class="sourceLineNo">015</span><a id="line.15"> * KIND, either express or implied. See the License for the</a>
<span class="sourceLineNo">016</span><a id="line.16"> * specific language governing permissions and limitations</a>
<span class="sourceLineNo">017</span><a id="line.17"> * under the License.</a>
<span class="sourceLineNo">018</span><a id="line.18"> */</a>
<span class="sourceLineNo">019</span><a id="line.19">package org.apache.shiro.web.util;</a>
<span class="sourceLineNo">020</span><a id="line.20"></a>
<span class="sourceLineNo">021</span><a id="line.21">import org.apache.shiro.SecurityUtils;</a>
<span class="sourceLineNo">022</span><a id="line.22">import org.apache.shiro.session.Session;</a>
<span class="sourceLineNo">023</span><a id="line.23">import org.apache.shiro.subject.Subject;</a>
<span class="sourceLineNo">024</span><a id="line.24">import org.apache.shiro.subject.support.DefaultSubjectContext;</a>
<span class="sourceLineNo">025</span><a id="line.25">import org.apache.shiro.util.StringUtils;</a>
<span class="sourceLineNo">026</span><a id="line.26">import org.apache.shiro.web.env.EnvironmentLoader;</a>
<span class="sourceLineNo">027</span><a id="line.27">import org.apache.shiro.web.env.WebEnvironment;</a>
<span class="sourceLineNo">028</span><a id="line.28">import org.apache.shiro.web.filter.AccessControlFilter;</a>
<span class="sourceLineNo">029</span><a id="line.29">import org.owasp.encoder.Encode;</a>
<span class="sourceLineNo">030</span><a id="line.30">import org.slf4j.Logger;</a>
<span class="sourceLineNo">031</span><a id="line.31">import org.slf4j.LoggerFactory;</a>
<span class="sourceLineNo">032</span><a id="line.32"></a>
<span class="sourceLineNo">033</span><a id="line.33">import javax.servlet.ServletContext;</a>
<span class="sourceLineNo">034</span><a id="line.34">import javax.servlet.ServletRequest;</a>
<span class="sourceLineNo">035</span><a id="line.35">import javax.servlet.ServletResponse;</a>
<span class="sourceLineNo">036</span><a id="line.36">import javax.servlet.http.HttpServletRequest;</a>
<span class="sourceLineNo">037</span><a id="line.37">import javax.servlet.http.HttpServletResponse;</a>
<span class="sourceLineNo">038</span><a id="line.38">import java.io.IOException;</a>
<span class="sourceLineNo">039</span><a id="line.39">import java.io.UnsupportedEncodingException;</a>
<span class="sourceLineNo">040</span><a id="line.40">import java.net.URLDecoder;</a>
<span class="sourceLineNo">041</span><a id="line.41">import java.util.Map;</a>
<span class="sourceLineNo">042</span><a id="line.42"></a>
<span class="sourceLineNo">043</span><a id="line.43">/**</a>
<span class="sourceLineNo">044</span><a id="line.44"> * Simple utility class for operations used across multiple class hierarchies in the web framework code.</a>
<span class="sourceLineNo">045</span><a id="line.45"> * &lt;p/&gt;</a>
<span class="sourceLineNo">046</span><a id="line.46"> * Some methods in this class were copied from the Spring Framework so we didn't have to re-invent the wheel,</a>
<span class="sourceLineNo">047</span><a id="line.47"> * and in these cases, we have retained all license, copyright and author information.</a>
<span class="sourceLineNo">048</span><a id="line.48"> *</a>
<span class="sourceLineNo">049</span><a id="line.49"> * @since 0.9</a>
<span class="sourceLineNo">050</span><a id="line.50"> */</a>
<span class="sourceLineNo">051</span><a id="line.51">public class WebUtils {</a>
<span class="sourceLineNo">052</span><a id="line.52"></a>
<span class="sourceLineNo">053</span><a id="line.53"> //TODO - complete JavaDoc</a>
<span class="sourceLineNo">054</span><a id="line.54"></a>
<span class="sourceLineNo">055</span><a id="line.55"> private static final Logger log = LoggerFactory.getLogger(WebUtils.class);</a>
<span class="sourceLineNo">056</span><a id="line.56"></a>
<span class="sourceLineNo">057</span><a id="line.57"> public static final String SERVLET_REQUEST_KEY = ServletRequest.class.getName() + "_SHIRO_THREAD_CONTEXT_KEY";</a>
<span class="sourceLineNo">058</span><a id="line.58"> public static final String SERVLET_RESPONSE_KEY = ServletResponse.class.getName() + "_SHIRO_THREAD_CONTEXT_KEY";</a>
<span class="sourceLineNo">059</span><a id="line.59"></a>
<span class="sourceLineNo">060</span><a id="line.60"> public static final String ALLOW_BACKSLASH = "org.apache.shiro.web.ALLOW_BACKSLASH";</a>
<span class="sourceLineNo">061</span><a id="line.61"></a>
<span class="sourceLineNo">062</span><a id="line.62"> /**</a>
<span class="sourceLineNo">063</span><a id="line.63"> * {@link org.apache.shiro.session.Session Session} key used to save a request and later restore it, for example when redirecting to a</a>
<span class="sourceLineNo">064</span><a id="line.64"> * requested page after login, equal to {@code shiroSavedRequest}.</a>
<span class="sourceLineNo">065</span><a id="line.65"> */</a>
<span class="sourceLineNo">066</span><a id="line.66"> public static final String SAVED_REQUEST_KEY = "shiroSavedRequest";</a>
<span class="sourceLineNo">067</span><a id="line.67"></a>
<span class="sourceLineNo">068</span><a id="line.68"> /**</a>
<span class="sourceLineNo">069</span><a id="line.69"> * Standard Servlet 2.3+ spec request attributes for include URI and paths.</a>
<span class="sourceLineNo">070</span><a id="line.70"> * &lt;p&gt;If included via a RequestDispatcher, the current resource will see the</a>
<span class="sourceLineNo">071</span><a id="line.71"> * originating request. Its own URI and paths are exposed as request attributes.</a>
<span class="sourceLineNo">072</span><a id="line.72"> */</a>
<span class="sourceLineNo">073</span><a id="line.73"> public static final String INCLUDE_REQUEST_URI_ATTRIBUTE = "javax.servlet.include.request_uri";</a>
<span class="sourceLineNo">074</span><a id="line.74"> public static final String INCLUDE_CONTEXT_PATH_ATTRIBUTE = "javax.servlet.include.context_path";</a>
<span class="sourceLineNo">075</span><a id="line.75"> public static final String INCLUDE_SERVLET_PATH_ATTRIBUTE = "javax.servlet.include.servlet_path";</a>
<span class="sourceLineNo">076</span><a id="line.76"> public static final String INCLUDE_PATH_INFO_ATTRIBUTE = "javax.servlet.include.path_info";</a>
<span class="sourceLineNo">077</span><a id="line.77"> public static final String INCLUDE_QUERY_STRING_ATTRIBUTE = "javax.servlet.include.query_string";</a>
<span class="sourceLineNo">078</span><a id="line.78"></a>
<span class="sourceLineNo">079</span><a id="line.79"> /**</a>
<span class="sourceLineNo">080</span><a id="line.80"> * Standard Servlet 2.4+ spec request attributes for forward URI and paths.</a>
<span class="sourceLineNo">081</span><a id="line.81"> * &lt;p&gt;If forwarded to via a RequestDispatcher, the current resource will see its</a>
<span class="sourceLineNo">082</span><a id="line.82"> * own URI and paths. The originating URI and paths are exposed as request attributes.</a>
<span class="sourceLineNo">083</span><a id="line.83"> */</a>
<span class="sourceLineNo">084</span><a id="line.84"> public static final String FORWARD_REQUEST_URI_ATTRIBUTE = "javax.servlet.forward.request_uri";</a>
<span class="sourceLineNo">085</span><a id="line.85"> public static final String FORWARD_CONTEXT_PATH_ATTRIBUTE = "javax.servlet.forward.context_path";</a>
<span class="sourceLineNo">086</span><a id="line.86"> public static final String FORWARD_SERVLET_PATH_ATTRIBUTE = "javax.servlet.forward.servlet_path";</a>
<span class="sourceLineNo">087</span><a id="line.87"> public static final String FORWARD_PATH_INFO_ATTRIBUTE = "javax.servlet.forward.path_info";</a>
<span class="sourceLineNo">088</span><a id="line.88"> public static final String FORWARD_QUERY_STRING_ATTRIBUTE = "javax.servlet.forward.query_string";</a>
<span class="sourceLineNo">089</span><a id="line.89"></a>
<span class="sourceLineNo">090</span><a id="line.90"> /**</a>
<span class="sourceLineNo">091</span><a id="line.91"> * Default character encoding to use when &lt;code&gt;request.getCharacterEncoding&lt;/code&gt;</a>
<span class="sourceLineNo">092</span><a id="line.92"> * returns &lt;code&gt;null&lt;/code&gt;, according to the Servlet spec.</a>
<span class="sourceLineNo">093</span><a id="line.93"> *</a>
<span class="sourceLineNo">094</span><a id="line.94"> * @see javax.servlet.ServletRequest#getCharacterEncoding</a>
<span class="sourceLineNo">095</span><a id="line.95"> */</a>
<span class="sourceLineNo">096</span><a id="line.96"> public static final String DEFAULT_CHARACTER_ENCODING = "ISO-8859-1";</a>
<span class="sourceLineNo">097</span><a id="line.97"></a>
<span class="sourceLineNo">098</span><a id="line.98"> /**</a>
<span class="sourceLineNo">099</span><a id="line.99"> * Return the path within the web application for the given request.</a>
<span class="sourceLineNo">100</span><a id="line.100"> * Detects include request URL if called within a RequestDispatcher include.</a>
<span class="sourceLineNo">101</span><a id="line.101"> * &lt;p/&gt;</a>
<span class="sourceLineNo">102</span><a id="line.102"> * For example, for a request to URL</a>
<span class="sourceLineNo">103</span><a id="line.103"> * &lt;p/&gt;</a>
<span class="sourceLineNo">104</span><a id="line.104"> * &lt;code&gt;http://www.somehost.com/myapp/my/url.jsp&lt;/code&gt;,</a>
<span class="sourceLineNo">105</span><a id="line.105"> * &lt;p/&gt;</a>
<span class="sourceLineNo">106</span><a id="line.106"> * for an application deployed to &lt;code&gt;/myapp&lt;/code&gt; (the application's context path), this method would return</a>
<span class="sourceLineNo">107</span><a id="line.107"> * &lt;p/&gt;</a>
<span class="sourceLineNo">108</span><a id="line.108"> * &lt;code&gt;/my/url.jsp&lt;/code&gt;.</a>
<span class="sourceLineNo">109</span><a id="line.109"> *</a>
<span class="sourceLineNo">110</span><a id="line.110"> * @param request current HTTP request</a>
<span class="sourceLineNo">111</span><a id="line.111"> * @return the path within the web application</a>
<span class="sourceLineNo">112</span><a id="line.112"> */</a>
public static String getPathWithinApplication(HttpServletRequest request) {
    // Servlet path and path info are joined first; each helper prefers the
    // javax.servlet.include.* request attribute when it is set.
    String combined = getServletPath(request) + getPathInfo(request);

    // Everything from the first ';' onwards is discarded before normalization.
    String withoutParameters = removeSemicolon(combined);

    // NOTE(review): normalize(...) is documented as not performing security checks
    // and returns null when the path begins with "/../". Callers that match the
    // result against access rules should treat null as "no valid path".
    return normalize(withoutParameters);
}
<span class="sourceLineNo">116</span><a id="line.116"></a>
<span class="sourceLineNo">117</span><a id="line.117"> /**</a>
<span class="sourceLineNo">118</span><a id="line.118"> * Return the request URI for the given request, detecting an include request</a>
<span class="sourceLineNo">119</span><a id="line.119"> * URL if called within a RequestDispatcher include.</a>
<span class="sourceLineNo">120</span><a id="line.120"> * &lt;p&gt;As the value returned by &lt;code&gt;request.getRequestURI()&lt;/code&gt; is &lt;i&gt;not&lt;/i&gt;</a>
<span class="sourceLineNo">121</span><a id="line.121"> * decoded by the servlet container, this method will decode it.</a>
<span class="sourceLineNo">122</span><a id="line.122"> * &lt;p&gt;The URI that the web container resolves &lt;i&gt;should&lt;/i&gt; be correct, but some</a>
<span class="sourceLineNo">123</span><a id="line.123"> * containers like JBoss/Jetty incorrectly include ";" strings like ";jsessionid"</a>
<span class="sourceLineNo">124</span><a id="line.124"> * in the URI. This method cuts off such incorrect appendices.</a>
<span class="sourceLineNo">125</span><a id="line.125"> *</a>
<span class="sourceLineNo">126</span><a id="line.126"> * @param request current HTTP request</a>
<span class="sourceLineNo">127</span><a id="line.127"> * @return the request URI</a>
<span class="sourceLineNo">128</span><a id="line.128"> * @deprecated use getPathWithinApplication() to get the path minus the context path, or call HttpServletRequest.getRequestURI() directly from your code.</a>
<span class="sourceLineNo">129</span><a id="line.129"> */</a>
@Deprecated
public static String getRequestUri(HttpServletRequest request) {
    // A RequestDispatcher include publishes its own URI as a request attribute;
    // that value wins over the container-reported request URI.
    String included = (String) request.getAttribute(INCLUDE_REQUEST_URI_ATTRIBUTE);
    String rawUri = (included != null) ? included : request.getRequestURI();

    // Decode, drop anything after the first ';', then resolve relative segments.
    // normalize(...) may return null if the cleaned URI starts with "/../".
    String cleaned = decodeAndCleanUriString(request, rawUri);
    return normalize(cleaned);
}
<span class="sourceLineNo">138</span><a id="line.138"></a>
/**
 * Returns the servlet path for the request, preferring the value stored under
 * {@link #INCLUDE_SERVLET_PATH_ATTRIBUTE} when that attribute is set.
 *
 * @param request current HTTP request
 * @return the include servlet path if present, otherwise
 *         {@code request.getServletPath()} with {@code null} mapped to the empty string
 */
private static String getServletPath(HttpServletRequest request) {
    String included = (String) request.getAttribute(INCLUDE_SERVLET_PATH_ATTRIBUTE);
    if (included != null) {
        return included;
    }
    return valueOrEmpty(request.getServletPath());
}
<span class="sourceLineNo">143</span><a id="line.143"></a>
/**
 * Returns the path info for the request, preferring the value stored under
 * {@link #INCLUDE_PATH_INFO_ATTRIBUTE} when that attribute is set.
 *
 * @param request current HTTP request
 * @return the include path info if present, otherwise
 *         {@code request.getPathInfo()} with {@code null} mapped to the empty string
 */
private static String getPathInfo(HttpServletRequest request) {
    String included = (String) request.getAttribute(INCLUDE_PATH_INFO_ATTRIBUTE);
    if (included != null) {
        return included;
    }
    return valueOrEmpty(request.getPathInfo());
}
<span class="sourceLineNo">148</span><a id="line.148"></a>
/**
 * Maps {@code null} to the empty string so callers can concatenate safely.
 *
 * @param input the value to check, may be {@code null}
 * @return {@code input} unchanged, or {@code ""} when {@code input} is {@code null}
 */
private static String valueOrEmpty(String input) {
    return (input != null) ? input : "";
}
<span class="sourceLineNo">155</span><a id="line.155"></a>
<span class="sourceLineNo">156</span><a id="line.156"> /**</a>
<span class="sourceLineNo">157</span><a id="line.157"> * Normalize a relative URI path that may have relative values ("/./",</a>
<span class="sourceLineNo">158</span><a id="line.158"> * "/../", and so on) in it. &lt;strong&gt;WARNING&lt;/strong&gt; - This method is</a>
<span class="sourceLineNo">159</span><a id="line.159"> * useful only for normalizing application-generated paths. It does not</a>
<span class="sourceLineNo">160</span><a id="line.160"> * try to perform security checks for malicious input.</a>
<span class="sourceLineNo">161</span><a id="line.161"> * Normalize operations were happily taken from org.apache.catalina.util.RequestUtil in</a>
<span class="sourceLineNo">162</span><a id="line.162"> * Tomcat trunk, r939305</a>
<span class="sourceLineNo">163</span><a id="line.163"> *</a>
<span class="sourceLineNo">164</span><a id="line.164"> * @param path Relative path to be normalized</a>
<span class="sourceLineNo">165</span><a id="line.165"> * @return normalized path</a>
<span class="sourceLineNo">166</span><a id="line.166"> */</a>
public static String normalize(String path) {
    // Boolean.getBoolean reads the JVM system property named by ALLOW_BACKSLASH
    // ("org.apache.shiro.web.ALLOW_BACKSLASH"). Only when it is "true" are
    // backslashes rewritten to '/'; otherwise they are left in the path as-is.
    boolean replaceBackSlash = Boolean.getBoolean(ALLOW_BACKSLASH);
    return normalize(path, replaceBackSlash);
}
<span class="sourceLineNo">170</span><a id="line.170"></a>
<span class="sourceLineNo">171</span><a id="line.171"> /**</a>
<span class="sourceLineNo">172</span><a id="line.172"> * Normalize a relative URI path that may have relative values ("/./",</a>
<span class="sourceLineNo">173</span><a id="line.173"> * "/../", and so on) in it. &lt;strong&gt;WARNING&lt;/strong&gt; - This method is</a>
<span class="sourceLineNo">174</span><a id="line.174"> * useful only for normalizing application-generated paths. It does not</a>
<span class="sourceLineNo">175</span><a id="line.175"> * try to perform security checks for malicious input.</a>
<span class="sourceLineNo">176</span><a id="line.176"> * Normalize operations were happily taken from org.apache.catalina.util.RequestUtil in</a>
<span class="sourceLineNo">177</span><a id="line.177"> * Tomcat trunk, r939305</a>
<span class="sourceLineNo">178</span><a id="line.178"> *</a>
<span class="sourceLineNo">179</span><a id="line.179"> * @param path Relative path to be normalized</a>
<span class="sourceLineNo">180</span><a id="line.180"> * @param replaceBackSlash Should '\\' be replaced with '/'</a>
<span class="sourceLineNo">181</span><a id="line.181"> * @return normalized path</a>
<span class="sourceLineNo">182</span><a id="line.182"> */</a>
private static String normalize(String path, boolean replaceBackSlash) {
    if (path == null) {
        return null;
    }

    String result = path;

    // Optionally treat '\' as a path separator.
    if (replaceBackSlash && result.indexOf('\\') >= 0) {
        result = result.replace('\\', '/');
    }

    // The only trailing-dot form that is special-cased is the exact string "/.".
    if ("/.".equals(result)) {
        return "/";
    }

    // Guarantee a leading "/".
    if (!result.startsWith("/")) {
        result = "/" + result;
    }

    // Collapse each "//" into a single "/".
    for (int at = result.indexOf("//"); at >= 0; at = result.indexOf("//")) {
        result = result.substring(0, at) + result.substring(at + 1);
    }

    // Drop "/./" segments.
    for (int at = result.indexOf("/./"); at >= 0; at = result.indexOf("/./")) {
        result = result.substring(0, at) + result.substring(at + 2);
    }

    // Resolve "/../" against the preceding segment.
    for (int at = result.indexOf("/../"); at >= 0; at = result.indexOf("/../")) {
        if (at == 0) {
            // Nothing precedes the "..": the path would leave the context, so reject it.
            return null;
        }
        int parentSlash = result.lastIndexOf('/', at - 1);
        result = result.substring(0, parentSlash) + result.substring(at + 3);
    }

    // NOTE(review): only the literal sequences "//", "/./" and "/../" are handled.
    // A trailing "/.." or "/." (other than the exact input "/.") is returned
    // unchanged, and no decoding happens here, so callers must decode first and
    // must not rely on this method alone to validate request-derived paths.
    return result;
}
<span class="sourceLineNo">235</span><a id="line.235"></a>
<span class="sourceLineNo">236</span><a id="line.236"></a>
<span class="sourceLineNo">237</span><a id="line.237"> /**</a>
<span class="sourceLineNo">238</span><a id="line.238"> * Decodes the supplied URI string and strips any extraneous portion after a ';'.</a>
<span class="sourceLineNo">239</span><a id="line.239"> *</a>
<span class="sourceLineNo">240</span><a id="line.240"> * @param request the incoming HttpServletRequest</a>
<span class="sourceLineNo">241</span><a id="line.241"> * @param uri the application's URI string</a>
<span class="sourceLineNo">242</span><a id="line.242"> * @return the supplied URI string stripped of any extraneous portion after a ';'.</a>
<span class="sourceLineNo">243</span><a id="line.243"> */</a>
private static String decodeAndCleanUriString(HttpServletRequest request, String uri) {
    // Decoding runs first, so the ';' cut below is applied to the decoded text.
    String decoded = decodeRequestString(request, uri);
    return removeSemicolon(decoded);
}
<span class="sourceLineNo">248</span><a id="line.248"></a>
/**
 * Truncates the given URI at its first {@code ';'}.
 * <p>
 * Everything from the first semicolon to the end of the string is discarded,
 * including any path segments that follow it. Callers that compare the result
 * with the path the container dispatches on should confirm the two agree.
 *
 * @param uri the URI string to truncate; must not be {@code null}
 * @return the part of {@code uri} before the first {@code ';'}, or {@code uri}
 *         itself when it contains no semicolon
 */
private static String removeSemicolon(String uri) {
    int cut = uri.indexOf(';');
    if (cut == -1) {
        return uri;
    }
    return uri.substring(0, cut);
}
<span class="sourceLineNo">253</span><a id="line.253"></a>
<span class="sourceLineNo">254</span><a id="line.254"> /**</a>
<span class="sourceLineNo">255</span><a id="line.255"> * Return the context path for the given request, detecting an include request</a>
<span class="sourceLineNo">256</span><a id="line.256"> * URL if called within a RequestDispatcher include.</a>
<span class="sourceLineNo">257</span><a id="line.257"> * &lt;p&gt;As the value returned by &lt;code&gt;request.getContextPath()&lt;/code&gt; is &lt;i&gt;not&lt;/i&gt;</a>
<span class="sourceLineNo">258</span><a id="line.258"> * decoded by the servlet container, this method will decode it.</a>
<span class="sourceLineNo">259</span><a id="line.259"> *</a>
<span class="sourceLineNo">260</span><a id="line.260"> * @param request current HTTP request</a>
<span class="sourceLineNo">261</span><a id="line.261"> * @return the context path</a>
<span class="sourceLineNo">262</span><a id="line.262"> */</a>
public static String getContextPath(HttpServletRequest request) {
    // A RequestDispatcher include publishes its own context path as a request attribute.
    String included = (String) request.getAttribute(INCLUDE_CONTEXT_PATH_ATTRIBUTE);
    String raw = (included != null) ? included : request.getContextPath();

    String contextPath = normalize(decodeRequestString(request, raw));

    // normalize(...) yields "/" for a root context, and includes on Jetty report "/"
    // as well; the root context is represented as the empty string instead.
    // The constant-first equals keeps this null-safe: normalize(...) can return null,
    // in which case null is passed through to the caller.
    return "/".equals(contextPath) ? "" : contextPath;
}
<span class="sourceLineNo">275</span><a id="line.275"></a>
<span class="sourceLineNo">276</span><a id="line.276"> /**</a>
<span class="sourceLineNo">277</span><a id="line.277"> * Find the Shiro {@link WebEnvironment} for this web application, which is typically loaded via the</a>
<span class="sourceLineNo">278</span><a id="line.278"> * {@link org.apache.shiro.web.env.EnvironmentLoaderListener}.</a>
<span class="sourceLineNo">279</span><a id="line.279"> * &lt;p/&gt;</a>
<span class="sourceLineNo">280</span><a id="line.280"> * This implementation rethrows an exception that happened on environment startup to differentiate between a failed</a>
<span class="sourceLineNo">281</span><a id="line.281"> * environment startup and no environment at all.</a>
<span class="sourceLineNo">282</span><a id="line.282"> *</a>
<span class="sourceLineNo">283</span><a id="line.283"> * @param sc ServletContext to find the web application context for</a>
<span class="sourceLineNo">284</span><a id="line.284"> * @return the root WebApplicationContext for this web app</a>
<span class="sourceLineNo">285</span><a id="line.285"> * @throws IllegalStateException if the root WebApplicationContext could not be found</a>
<span class="sourceLineNo">286</span><a id="line.286"> * @see org.apache.shiro.web.env.EnvironmentLoader#ENVIRONMENT_ATTRIBUTE_KEY</a>
<span class="sourceLineNo">287</span><a id="line.287"> * @since 1.2</a>
<span class="sourceLineNo">288</span><a id="line.288"> */</a>
public static WebEnvironment getRequiredWebEnvironment(ServletContext sc)
        throws IllegalStateException {
    // Delegates the lookup; a stored startup failure is rethrown by getWebEnvironment(sc).
    WebEnvironment environment = getWebEnvironment(sc);
    if (environment != null) {
        return environment;
    }
    // Fail closed: without an environment there is no security configuration to apply.
    throw new IllegalStateException("No WebEnvironment found: no EnvironmentLoaderListener registered?");
}
<span class="sourceLineNo">298</span><a id="line.298"></a>
<span class="sourceLineNo">299</span><a id="line.299"> /**</a>
<span class="sourceLineNo">300</span><a id="line.300"> * Find the Shiro {@link WebEnvironment} for this web application, which is typically loaded via</a>
<span class="sourceLineNo">301</span><a id="line.301"> * {@link org.apache.shiro.web.env.EnvironmentLoaderListener}.</a>
<span class="sourceLineNo">302</span><a id="line.302"> * &lt;p/&gt;</a>
<span class="sourceLineNo">303</span><a id="line.303"> * This implementation rethrows an exception that happened on environment startup to differentiate between a failed</a>
<span class="sourceLineNo">304</span><a id="line.304"> * environment startup and no environment at all.</a>
<span class="sourceLineNo">305</span><a id="line.305"> *</a>
<span class="sourceLineNo">306</span><a id="line.306"> * @param sc ServletContext to find the web application context for</a>
<span class="sourceLineNo">307</span><a id="line.307"> * @return the root WebApplicationContext for this web app, or &lt;code&gt;null&lt;/code&gt; if none</a>
<span class="sourceLineNo">308</span><a id="line.308"> * @see org.apache.shiro.web.env.EnvironmentLoader#ENVIRONMENT_ATTRIBUTE_KEY</a>
<span class="sourceLineNo">309</span><a id="line.309"> * @since 1.2</a>
<span class="sourceLineNo">310</span><a id="line.310"> */</a>
public static WebEnvironment getWebEnvironment(ServletContext sc) {
    // Look the environment up under the default key used by EnvironmentLoader.
    final String attrName = EnvironmentLoader.ENVIRONMENT_ATTRIBUTE_KEY;
    return getWebEnvironment(sc, attrName);
}
<span class="sourceLineNo">314</span><a id="line.314"></a>
<span class="sourceLineNo">315</span><a id="line.315"> /**</a>
<span class="sourceLineNo">316</span><a id="line.316"> * Find the Shiro {@link WebEnvironment} for this web application.</a>
<span class="sourceLineNo">317</span><a id="line.317"> *</a>
<span class="sourceLineNo">318</span><a id="line.318"> * @param sc ServletContext to find the web application context for</a>
<span class="sourceLineNo">319</span><a id="line.319"> * @param attrName the name of the ServletContext attribute to look for</a>
<span class="sourceLineNo">320</span><a id="line.320"> * @return the desired WebEnvironment for this web app, or &lt;code&gt;null&lt;/code&gt; if none</a>
<span class="sourceLineNo">321</span><a id="line.321"> * @since 1.2</a>
<span class="sourceLineNo">322</span><a id="line.322"> */</a>
public static WebEnvironment getWebEnvironment(ServletContext sc, String attrName) {
    if (sc == null) {
        throw new IllegalArgumentException("ServletContext argument must not be null.");
    }

    Object attr = sc.getAttribute(attrName);
    if (attr == null) {
        return null;
    }

    // A Throwable stored under the key is surfaced to the caller instead of being
    // treated as "no environment": unchecked types are rethrown as-is, a checked
    // exception is wrapped in IllegalStateException with the original as its cause.
    if (attr instanceof RuntimeException) {
        throw (RuntimeException) attr;
    }
    if (attr instanceof Error) {
        throw (Error) attr;
    }
    if (attr instanceof Exception) {
        throw new IllegalStateException((Exception) attr);
    }

    if (attr instanceof WebEnvironment) {
        return (WebEnvironment) attr;
    }
    // Any other object under this key is a misconfiguration; refuse to use it.
    throw new IllegalStateException("Context attribute is not of type WebEnvironment: " + attr);
}
<span class="sourceLineNo">345</span><a id="line.345"></a>
<span class="sourceLineNo">346</span><a id="line.346"></a>
<span class="sourceLineNo">347</span><a id="line.347"> /**</a>
<span class="sourceLineNo">348</span><a id="line.348"> * Decode the given source string with a URLDecoder. The encoding will be taken</a>
<span class="sourceLineNo">349</span><a id="line.349"> * from the request, falling back to the default "ISO-8859-1".</a>
<span class="sourceLineNo">350</span><a id="line.350"> * &lt;p&gt;The default implementation uses &lt;code&gt;URLDecoder.decode(input, enc)&lt;/code&gt;.</a>
<span class="sourceLineNo">351</span><a id="line.351"> *</a>
<span class="sourceLineNo">352</span><a id="line.352"> * @param request current HTTP request</a>
<span class="sourceLineNo">353</span><a id="line.353"> * @param source the String to decode</a>
<span class="sourceLineNo">354</span><a id="line.354"> * @return the decoded String</a>
<span class="sourceLineNo">355</span><a id="line.355"> * @see #DEFAULT_CHARACTER_ENCODING</a>
<span class="sourceLineNo">356</span><a id="line.356"> * @see javax.servlet.ServletRequest#getCharacterEncoding</a>
<span class="sourceLineNo">357</span><a id="line.357"> * @see java.net.URLDecoder#decode(String, String)</a>
<span class="sourceLineNo">358</span><a id="line.358"> * @see java.net.URLDecoder#decode(String)</a>
<span class="sourceLineNo">359</span><a id="line.359"> */</a>
@SuppressWarnings({"deprecation"})
public static String decodeRequestString(HttpServletRequest request, String source) {
    final String charsetName = determineEncoding(request);
    try {
        // NOTE(review): only the unsupported-charset case is caught below. URLDecoder's
        // IllegalArgumentException for malformed %-escapes propagates to the caller.
        // The result is decoded request data, so path or pattern checks belong on this
        // decoded form rather than on the raw string.
        return URLDecoder.decode(source, charsetName);
    } catch (UnsupportedEncodingException ex) {
        if (log.isWarnEnabled()) {
            // Both request-derived values go through Encode.forHtml before reaching the log.
            final String message = "Could not decode request string [" + Encode.forHtml(source)
                    + "] with encoding '" + Encode.forHtml(charsetName)
                    + "': falling back to platform default encoding; exception message: " + ex.getMessage();
            log.warn(message);
        }
        // Deprecated one-argument overload: decodes with the platform default charset, so the
        // outcome of this fallback depends on the host configuration.
        return URLDecoder.decode(source);
    }
}
<span class="sourceLineNo">373</span><a id="line.373"></a>
<span class="sourceLineNo">374</span><a id="line.374"> /**</a>
<span class="sourceLineNo">375</span><a id="line.375"> * Determine the encoding for the given request.</a>
<span class="sourceLineNo">376</span><a id="line.376"> * Can be overridden in subclasses.</a>
<span class="sourceLineNo">377</span><a id="line.377"> * &lt;p&gt;The default implementation checks the request's</a>
<span class="sourceLineNo">378</span><a id="line.378"> * {@link ServletRequest#getCharacterEncoding() character encoding}, and if that is</a>
<span class="sourceLineNo">379</span><a id="line.379"> * &lt;code&gt;null&lt;/code&gt;, falls back to the {@link #DEFAULT_CHARACTER_ENCODING}.</a>
<span class="sourceLineNo">380</span><a id="line.380"> *</a>
<span class="sourceLineNo">381</span><a id="line.381"> * @param request current HTTP request</a>
<span class="sourceLineNo">382</span><a id="line.382"> * @return the encoding for the request (never &lt;code&gt;null&lt;/code&gt;)</a>
<span class="sourceLineNo">383</span><a id="line.383"> * @see javax.servlet.ServletRequest#getCharacterEncoding()</a>
<span class="sourceLineNo">384</span><a id="line.384"> */</a>
protected static String determineEncoding(HttpServletRequest request) {
    // The charset name is whatever the request reports; only a null value is replaced by the default.
    final String declared = request.getCharacterEncoding();
    return (declared != null) ? declared : DEFAULT_CHARACTER_ENCODING;
}
<span class="sourceLineNo">392</span><a id="line.392"></a>
<span class="sourceLineNo">393</span><a id="line.393"> /*</a>
<span class="sourceLineNo">394</span><a id="line.394"> * Returns {@code true} IFF the specified {@code SubjectContext}:</a>
<span class="sourceLineNo">395</span><a id="line.395"> * &lt;ol&gt;</a>
<span class="sourceLineNo">396</span><a id="line.396"> * &lt;li&gt;A {@link WebSubjectContext} instance&lt;/li&gt;</a>
<span class="sourceLineNo">397</span><a id="line.397"> * &lt;li&gt;The {@code WebSubjectContext}'s request/response pair are not null&lt;/li&gt;</a>
<span class="sourceLineNo">398</span><a id="line.398"> * &lt;li&gt;The request is an {@link HttpServletRequest} instance&lt;/li&gt;</a>
<span class="sourceLineNo">399</span><a id="line.399"> * &lt;li&gt;The response is an {@link HttpServletResponse} instance&lt;/li&gt;</a>
<span class="sourceLineNo">400</span><a id="line.400"> * &lt;/ol&gt;</a>
<span class="sourceLineNo">401</span><a id="line.401"> *</a>
<span class="sourceLineNo">402</span><a id="line.402"> * @param context the SubjectContext to check to see if it is HTTP compatible.</a>
<span class="sourceLineNo">403</span><a id="line.403"> * @return {@code true} IFF the specified context has HTTP request/response objects, {@code false} otherwise.</a>
<span class="sourceLineNo">404</span><a id="line.404"> * @since 1.0</a>
<span class="sourceLineNo">405</span><a id="line.405"> */</a>
<span class="sourceLineNo">406</span><a id="line.406"></a>
/**
 * Returns {@code true} only if the argument is a {@link RequestPairSource} whose servlet request and
 * servlet response are both non-null.
 *
 * @param requestPairSource the object to inspect; may be {@code null} or of any type
 * @return {@code true} if a request/response pair is available, {@code false} otherwise
 */
public static boolean isWeb(Object requestPairSource) {
    if (!(requestPairSource instanceof RequestPairSource)) {
        // Covers null as well as unrelated types.
        return false;
    }
    return isWeb((RequestPairSource) requestPairSource);
}
<span class="sourceLineNo">410</span><a id="line.410"></a>
/**
 * Returns {@code true} only if the argument is a {@link RequestPairSource} whose request is an
 * {@link HttpServletRequest} and whose response is an {@link HttpServletResponse}.
 *
 * @param requestPairSource the object to inspect; may be {@code null} or of any type
 * @return {@code true} if an HTTP request/response pair is available, {@code false} otherwise
 */
public static boolean isHttp(Object requestPairSource) {
    if (!(requestPairSource instanceof RequestPairSource)) {
        // Covers null as well as unrelated types.
        return false;
    }
    return isHttp((RequestPairSource) requestPairSource);
}
<span class="sourceLineNo">414</span><a id="line.414"></a>
/**
 * Returns the servlet request carried by the argument, if it is a {@link RequestPairSource}.
 *
 * @param requestPairSource the object to inspect; may be {@code null} or of any type
 * @return the source's servlet request, or {@code null} if the argument is not a
 *         {@code RequestPairSource}
 */
public static ServletRequest getRequest(Object requestPairSource) {
    return (requestPairSource instanceof RequestPairSource)
            ? ((RequestPairSource) requestPairSource).getServletRequest()
            : null;
}
<span class="sourceLineNo">421</span><a id="line.421"></a>
/**
 * Returns the servlet response carried by the argument, if it is a {@link RequestPairSource}.
 *
 * @param requestPairSource the object to inspect; may be {@code null} or of any type
 * @return the source's servlet response, or {@code null} if the argument is not a
 *         {@code RequestPairSource}
 */
public static ServletResponse getResponse(Object requestPairSource) {
    return (requestPairSource instanceof RequestPairSource)
            ? ((RequestPairSource) requestPairSource).getServletResponse()
            : null;
}
<span class="sourceLineNo">428</span><a id="line.428"></a>
/**
 * Returns the argument's servlet request as an {@link HttpServletRequest}, checking the type first.
 *
 * @param requestPairSource the object to inspect; may be {@code null} or of any type
 * @return the HTTP request, or {@code null} if none is available or it is not an HTTP request
 */
public static HttpServletRequest getHttpRequest(Object requestPairSource) {
    final ServletRequest candidate = getRequest(requestPairSource);
    // Checked narrowing: unlike toHttp(ServletRequest), a non-HTTP request yields null here.
    return (candidate instanceof HttpServletRequest) ? (HttpServletRequest) candidate : null;
}
<span class="sourceLineNo">436</span><a id="line.436"></a>
/**
 * Returns the argument's servlet response as an {@link HttpServletResponse}, checking the type first.
 *
 * @param requestPairSource the object to inspect; may be {@code null} or of any type
 * @return the HTTP response, or {@code null} if none is available or it is not an HTTP response
 */
public static HttpServletResponse getHttpResponse(Object requestPairSource) {
    final ServletResponse candidate = getResponse(requestPairSource);
    // Checked narrowing: unlike toHttp(ServletResponse), a non-HTTP response yields null here.
    return (candidate instanceof HttpServletResponse) ? (HttpServletResponse) candidate : null;
}
<span class="sourceLineNo">444</span><a id="line.444"></a>
/**
 * Reports whether the source carries both a request and a response.
 *
 * @param source the pair source to inspect; must not be {@code null}
 * @return {@code true} if neither the request nor the response is {@code null}
 */
private static boolean isWeb(RequestPairSource source) {
    // Both getters are always invoked, in request-then-response order.
    final boolean hasRequest = source.getServletRequest() != null;
    final boolean hasResponse = source.getServletResponse() != null;
    return hasRequest && hasResponse;
}
<span class="sourceLineNo">450</span><a id="line.450"></a>
/**
 * Reports whether the source carries an HTTP request together with an HTTP response.
 *
 * @param source the pair source to inspect; must not be {@code null}
 * @return {@code true} if the request is an {@link HttpServletRequest} and the response is an
 *         {@link HttpServletResponse}
 */
private static boolean isHttp(RequestPairSource source) {
    // Both getters are always invoked, in request-then-response order; instanceof is false for null.
    final boolean httpRequest = source.getServletRequest() instanceof HttpServletRequest;
    final boolean httpResponse = source.getServletResponse() instanceof HttpServletResponse;
    return httpRequest && httpResponse;
}
<span class="sourceLineNo">456</span><a id="line.456"></a>
<span class="sourceLineNo">457</span><a id="line.457"> /**</a>
<span class="sourceLineNo">458</span><a id="line.458"> * Returns {@code true} if a session is allowed to be created for a subject-associated request, {@code false}</a>
<span class="sourceLineNo">459</span><a id="line.459"> * otherwise.</a>
<span class="sourceLineNo">460</span><a id="line.460"> * &lt;p/&gt;</a>
<span class="sourceLineNo">461</span><a id="line.461"> * &lt;b&gt;This method exists for Shiro's internal framework needs and should never be called by Shiro end-users. It</a>
<span class="sourceLineNo">462</span><a id="line.462"> * could be changed/removed at any time.&lt;/b&gt;</a>
<span class="sourceLineNo">463</span><a id="line.463"> *</a>
<span class="sourceLineNo">464</span><a id="line.464"> * @param requestPairSource a {@link RequestPairSource} instance, almost always a</a>
<span class="sourceLineNo">465</span><a id="line.465"> * {@link org.apache.shiro.web.subject.WebSubject WebSubject} instance.</a>
<span class="sourceLineNo">466</span><a id="line.466"> * @return {@code true} if a session is allowed to be created for a subject-associated request, {@code false}</a>
<span class="sourceLineNo">467</span><a id="line.467"> * otherwise.</a>
<span class="sourceLineNo">468</span><a id="line.468"> */</a>
public static boolean _isSessionCreationEnabled(Object requestPairSource) {
    if (!(requestPairSource instanceof RequestPairSource)) {
        // No request to consult: session creation stays permitted by default.
        return true;
    }
    final ServletRequest pairedRequest = ((RequestPairSource) requestPairSource).getServletRequest();
    return _isSessionCreationEnabled(pairedRequest);
}
<span class="sourceLineNo">476</span><a id="line.476"></a>
<span class="sourceLineNo">477</span><a id="line.477"> /**</a>
<span class="sourceLineNo">478</span><a id="line.478"> * Returns {@code true} if a session is allowed to be created for a subject-associated request, {@code false}</a>
<span class="sourceLineNo">479</span><a id="line.479"> * otherwise.</a>
<span class="sourceLineNo">480</span><a id="line.480"> * &lt;p/&gt;</a>
<span class="sourceLineNo">481</span><a id="line.481"> * &lt;b&gt;This method exists for Shiro's internal framework needs and should never be called by Shiro end-users. It</a>
<span class="sourceLineNo">482</span><a id="line.482"> * could be changed/removed at any time.&lt;/b&gt;</a>
<span class="sourceLineNo">483</span><a id="line.483"> *</a>
<span class="sourceLineNo">484</span><a id="line.484"> * @param request incoming servlet request.</a>
<span class="sourceLineNo">485</span><a id="line.485"> * @return {@code true} if a session is allowed to be created for a subject-associated request, {@code false}</a>
<span class="sourceLineNo">486</span><a id="line.486"> * otherwise.</a>
<span class="sourceLineNo">487</span><a id="line.487"> */</a>
public static boolean _isSessionCreationEnabled(ServletRequest request) {
    if (request == null) {
        return true; // by default
    }
    final Object flag = request.getAttribute(DefaultSubjectContext.SESSION_CREATION_ENABLED);
    // instanceof is already false for null, so no separate null test is needed.
    if (flag instanceof Boolean) {
        return (Boolean) flag;
    }
    // The default is permissive: a missing attribute, or one that is not a Boolean, leaves session
    // creation enabled. Only an explicit Boolean.FALSE request attribute disables it.
    return true;
}
<span class="sourceLineNo">497</span><a id="line.497"></a>
<span class="sourceLineNo">498</span><a id="line.498"> /**</a>
<span class="sourceLineNo">499</span><a id="line.499"> * A convenience method that merely casts the incoming &lt;code&gt;ServletRequest&lt;/code&gt; to an</a>
<span class="sourceLineNo">500</span><a id="line.500"> * &lt;code&gt;HttpServletRequest&lt;/code&gt;:</a>
<span class="sourceLineNo">501</span><a id="line.501"> * &lt;p/&gt;</a>
<span class="sourceLineNo">502</span><a id="line.502"> * &lt;code&gt;return (HttpServletRequest)request;&lt;/code&gt;</a>
<span class="sourceLineNo">503</span><a id="line.503"> * &lt;p/&gt;</a>
<span class="sourceLineNo">504</span><a id="line.504"> * Logic could be changed in the future for logging or throwing a meaningful exception in</a>
<span class="sourceLineNo">505</span><a id="line.505"> * non HTTP request environments (e.g. Portlet API).</a>
<span class="sourceLineNo">506</span><a id="line.506"> *</a>
<span class="sourceLineNo">507</span><a id="line.507"> * @param request the incoming ServletRequest</a>
<span class="sourceLineNo">508</span><a id="line.508"> * @return the &lt;code&gt;request&lt;/code&gt; argument casted to an &lt;code&gt;HttpServletRequest&lt;/code&gt;.</a>
<span class="sourceLineNo">509</span><a id="line.509"> */</a>
public static HttpServletRequest toHttp(ServletRequest request) {
    // Unchecked narrowing: a request that is not an HttpServletRequest fails here with a
    // ClassCastException, while null passes through unchanged.
    final HttpServletRequest narrowed = (HttpServletRequest) request;
    return narrowed;
}
<span class="sourceLineNo">513</span><a id="line.513"></a>
<span class="sourceLineNo">514</span><a id="line.514"> /**</a>
<span class="sourceLineNo">515</span><a id="line.515"> * A convenience method that merely casts the incoming &lt;code&gt;ServletResponse&lt;/code&gt; to an</a>
<span class="sourceLineNo">516</span><a id="line.516"> * &lt;code&gt;HttpServletResponse&lt;/code&gt;:</a>
<span class="sourceLineNo">517</span><a id="line.517"> * &lt;p/&gt;</a>
<span class="sourceLineNo">518</span><a id="line.518"> * &lt;code&gt;return (HttpServletResponse)response;&lt;/code&gt;</a>
<span class="sourceLineNo">519</span><a id="line.519"> * &lt;p/&gt;</a>
<span class="sourceLineNo">520</span><a id="line.520"> * Logic could be changed in the future for logging or throwing a meaningful exception in</a>
<span class="sourceLineNo">521</span><a id="line.521"> * non HTTP request environments (e.g. Portlet API).</a>
<span class="sourceLineNo">522</span><a id="line.522"> *</a>
<span class="sourceLineNo">523</span><a id="line.523"> * @param response the outgoing ServletResponse</a>
<span class="sourceLineNo">524</span><a id="line.524"> * @return the &lt;code&gt;response&lt;/code&gt; argument casted to an &lt;code&gt;HttpServletResponse&lt;/code&gt;.</a>
<span class="sourceLineNo">525</span><a id="line.525"> */</a>
public static HttpServletResponse toHttp(ServletResponse response) {
    // Unchecked narrowing: a response that is not an HttpServletResponse fails here with a
    // ClassCastException, while null passes through unchanged.
    final HttpServletResponse narrowed = (HttpServletResponse) response;
    return narrowed;
}
<span class="sourceLineNo">529</span><a id="line.529"></a>
<span class="sourceLineNo">530</span><a id="line.530"> /**</a>
<span class="sourceLineNo">531</span><a id="line.531"> * Redirects the current request to a new URL based on the given parameters.</a>
<span class="sourceLineNo">532</span><a id="line.532"> *</a>
<span class="sourceLineNo">533</span><a id="line.533"> * @param request the servlet request.</a>
<span class="sourceLineNo">534</span><a id="line.534"> * @param response the servlet response.</a>
<span class="sourceLineNo">535</span><a id="line.535"> * @param url the URL to redirect the user to.</a>
<span class="sourceLineNo">536</span><a id="line.536"> * @param queryParams a map of parameters that should be set as request parameters for the new request.</a>
<span class="sourceLineNo">537</span><a id="line.537"> * @param contextRelative true if the URL is relative to the servlet context path, or false if the URL is absolute.</a>
<span class="sourceLineNo">538</span><a id="line.538"> * @param http10Compatible whether to stay compatible with HTTP 1.0 clients.</a>
<span class="sourceLineNo">539</span><a id="line.539"> * @throws java.io.IOException if thrown by response methods.</a>
<span class="sourceLineNo">540</span><a id="line.540"> */</a>
public static void issueRedirect(ServletRequest request, ServletResponse response, String url, Map queryParams, boolean contextRelative, boolean http10Compatible) throws IOException {
    // NOTE(review): url is handed to RedirectView exactly as received; nothing in this method
    // restricts the target. With contextRelative == false the URL is treated as absolute, so a url
    // derived from request data needs an allow-list or same-origin check at the call site.
    // Whether RedirectView itself constrains the target cannot be told from this listing.
    final RedirectView redirect = new RedirectView(url, contextRelative, http10Compatible);
    // toHttp(...) casts without checking, so a non-HTTP request or response raises
    // ClassCastException before anything is written.
    final HttpServletRequest httpRequest = toHttp(request);
    final HttpServletResponse httpResponse = toHttp(response);
    redirect.renderMergedOutputModel(queryParams, httpRequest, httpResponse);
}
<span class="sourceLineNo">545</span><a id="line.545"></a>
<span class="sourceLineNo">546</span><a id="line.546"> /**</a>
<span class="sourceLineNo">547</span><a id="line.547"> * Redirects the current request to a new URL based on the given parameters and default values</a>
<span class="sourceLineNo">548</span><a id="line.548"> * for unspecified parameters.</a>
<span class="sourceLineNo">549</span><a id="line.549"> *</a>
<span class="sourceLineNo">550</span><a id="line.550"> * @param request the servlet request.</a>
<span class="sourceLineNo">551</span><a id="line.551"> * @param response the servlet response.</a>
<span class="sourceLineNo">552</span><a id="line.552"> * @param url the URL to redirect the user to.</a>
<span class="sourceLineNo">553</span><a id="line.553"> * @throws java.io.IOException if thrown by response methods.</a>
<span class="sourceLineNo">554</span><a id="line.554"> */</a>
public static void issueRedirect(ServletRequest request, ServletResponse response, String url) throws IOException {
    // Defaults applied here: no query parameters, context-relative URL, HTTP 1.0 compatible.
    final Map noQueryParams = null;
    final boolean contextRelative = true;
    final boolean http10Compatible = true;
    issueRedirect(request, response, url, noQueryParams, contextRelative, http10Compatible);
}
<span class="sourceLineNo">558</span><a id="line.558"></a>
<span class="sourceLineNo">559</span><a id="line.559"> /**</a>
<span class="sourceLineNo">560</span><a id="line.560"> * Redirects the current request to a new URL based on the given parameters and default values</a>
<span class="sourceLineNo">561</span><a id="line.561"> * for unspecified parameters.</a>
<span class="sourceLineNo">562</span><a id="line.562"> *</a>
<span class="sourceLineNo">563</span><a id="line.563"> * @param request the servlet request.</a>
<span class="sourceLineNo">564</span><a id="line.564"> * @param response the servlet response.</a>
<span class="sourceLineNo">565</span><a id="line.565"> * @param url the URL to redirect the user to.</a>
<span class="sourceLineNo">566</span><a id="line.566"> * @param queryParams a map of parameters that should be set as request parameters for the new request.</a>
<span class="sourceLineNo">567</span><a id="line.567"> * @throws java.io.IOException if thrown by response methods.</a>
<span class="sourceLineNo">568</span><a id="line.568"> */</a>
public static void issueRedirect(ServletRequest request, ServletResponse response, String url, Map queryParams) throws IOException {
    // Defaults applied here: context-relative URL, HTTP 1.0 compatible.
    final boolean contextRelative = true;
    final boolean http10Compatible = true;
    issueRedirect(request, response, url, queryParams, contextRelative, http10Compatible);
}
<span class="sourceLineNo">572</span><a id="line.572"></a>
<span class="sourceLineNo">573</span><a id="line.573"> /**</a>
<span class="sourceLineNo">574</span><a id="line.574"> * Redirects the current request to a new URL based on the given parameters and default values</a>
<span class="sourceLineNo">575</span><a id="line.575"> * for unspecified parameters.</a>
<span class="sourceLineNo">576</span><a id="line.576"> *</a>
<span class="sourceLineNo">577</span><a id="line.577"> * @param request the servlet request.</a>
<span class="sourceLineNo">578</span><a id="line.578"> * @param response the servlet response.</a>
<span class="sourceLineNo">579</span><a id="line.579"> * @param url the URL to redirect the user to.</a>
<span class="sourceLineNo">580</span><a id="line.580"> * @param queryParams a map of parameters that should be set as request parameters for the new request.</a>
<span class="sourceLineNo">581</span><a id="line.581"> * @param contextRelative true if the URL is relative to the servlet context path, or false if the URL is absolute.</a>
<span class="sourceLineNo">582</span><a id="line.582"> * @throws java.io.IOException if thrown by response methods.</a>
<span class="sourceLineNo">583</span><a id="line.583"> */</a>
public static void issueRedirect(ServletRequest request, ServletResponse response, String url, Map queryParams, boolean contextRelative) throws IOException {
    // Only the HTTP 1.0 compatibility flag is defaulted here. The caller decides whether url is
    // context-relative; passing false makes it an absolute target, so check where url came from.
    final boolean http10Compatible = true;
    issueRedirect(request, response, url, queryParams, contextRelative, http10Compatible);
}
<span class="sourceLineNo">587</span><a id="line.587"></a>
<span class="sourceLineNo">588</span><a id="line.588"> /**</a>
<span class="sourceLineNo">589</span><a id="line.589"> * &lt;p&gt;Checks to see if a request param is considered true using a loose matching strategy for</a>
<span class="sourceLineNo">590</span><a id="line.590"> * general values that indicate that something is true or enabled, etc.&lt;/p&gt;</a>
<span class="sourceLineNo">591</span><a id="line.591"> * &lt;p/&gt;</a>
<span class="sourceLineNo">592</span><a id="line.592"> * &lt;p&gt;Values that are considered "true" include (case-insensitive): true, t, 1, enabled, y, yes, on.&lt;/p&gt;</a>
<span class="sourceLineNo">593</span><a id="line.593"> *</a>
<span class="sourceLineNo">594</span><a id="line.594"> * @param request the servlet request</a>
<span class="sourceLineNo">595</span><a id="line.595"> * @param paramName the name of the request parameter to check</a>
<span class="sourceLineNo">596</span><a id="line.596"> * @return true if the given parameter is considered "true" - false otherwise.</a>
<span class="sourceLineNo">597</span><a id="line.597"> */</a>
public static boolean isTrue(ServletRequest request, String paramName) {
    final String cleaned = getCleanParam(request, paramName);
    if (cleaned == null) {
        // Absent or empty parameter: treated as false.
        return false;
    }
    // The complete set of accepted spellings, compared case-insensitively. Any other value is false.
    final String[] truthyTokens = {"true", "t", "1", "enabled", "y", "yes", "on"};
    for (String token : truthyTokens) {
        if (cleaned.equalsIgnoreCase(token)) {
            return true;
        }
    }
    return false;
}
<span class="sourceLineNo">609</span><a id="line.609"></a>
<span class="sourceLineNo">610</span><a id="line.610"> /**</a>
<span class="sourceLineNo">611</span><a id="line.611"> * Convenience method that returns a request parameter value, first running it through</a>
<span class="sourceLineNo">612</span><a id="line.612"> * {@link StringUtils#clean(String)}.</a>
<span class="sourceLineNo">613</span><a id="line.613"> *</a>
<span class="sourceLineNo">614</span><a id="line.614"> * @param request the servlet request.</a>
<span class="sourceLineNo">615</span><a id="line.615"> * @param paramName the parameter name.</a>
<span class="sourceLineNo">616</span><a id="line.616"> * @return the clean param value, or null if the param does not exist or is empty.</a>
<span class="sourceLineNo">617</span><a id="line.617"> */</a>
public static String getCleanParam(ServletRequest request, String paramName) {
    final String raw = request.getParameter(paramName);
    // NOTE(review): "clean" should not be read as sanitisation. StringUtils.clean is not shown
    // here, and the only documented effect is null for a missing or empty value. The result is
    // still client-supplied data and needs validation or encoding for wherever it is used.
    return StringUtils.clean(raw);
}
<span class="sourceLineNo">621</span><a id="line.621"></a>
/**
 * Stores a {@link SavedRequest} snapshot of the given request in the current subject's session under
 * {@code SAVED_REQUEST_KEY}, replacing any snapshot already stored there.
 *
 * @param request the request to snapshot; it is cast with {@link #toHttp(ServletRequest)}, so a
 *                non-HTTP request fails with a {@code ClassCastException}
 */
public static void saveRequest(ServletRequest request) {
    // The no-argument getSession() is used here, whereas getSavedRequest reads with
    // getSession(false). Saving may therefore establish a session for a caller that had none.
    final Session session = SecurityUtils.getSubject().getSession();
    final SavedRequest snapshot = new SavedRequest(toHttp(request));
    session.setAttribute(SAVED_REQUEST_KEY, snapshot);
}
<span class="sourceLineNo">629</span><a id="line.629"></a>
/**
 * Returns the saved request held in the current subject's session and removes it from the session,
 * so a later call finds nothing unless a new request has been saved.
 *
 * @param request passed through to {@link #getSavedRequest(ServletRequest)}
 * @return the previously saved request, or {@code null} if there is none
 */
public static SavedRequest getAndClearSavedRequest(ServletRequest request) {
    final SavedRequest pending = getSavedRequest(request);
    if (pending == null) {
        return null;
    }
    // A saved request was found, so the subject already has a session to clear it from.
    SecurityUtils.getSubject().getSession().removeAttribute(SAVED_REQUEST_KEY);
    return pending;
}
<span class="sourceLineNo">639</span><a id="line.639"></a>
/**
 * Returns the saved request held in the current subject's session without removing it.
 *
 * @param request not read by this method; the lookup uses the current subject's session only
 * @return the saved request, or {@code null} if the subject has no session or nothing is stored
 */
public static SavedRequest getSavedRequest(ServletRequest request) {
    // getSession(false): a read must not create a session as a side effect.
    final Session existing = SecurityUtils.getSubject().getSession(false);
    if (existing == null) {
        return null;
    }
    // Unchecked cast: a value of another type under SAVED_REQUEST_KEY raises ClassCastException.
    return (SavedRequest) existing.getAttribute(SAVED_REQUEST_KEY);
}
<span class="sourceLineNo">649</span><a id="line.649"></a>
<span class="sourceLineNo">650</span><a id="line.650"> /**</a>
<span class="sourceLineNo">651</span><a id="line.651"> * Redirects to the request url from a previously</a>
<span class="sourceLineNo">652</span><a id="line.652"> * {@link #saveRequest(javax.servlet.ServletRequest) saved} request, or if there is no saved request, redirects the</a>
<span class="sourceLineNo">653</span><a id="line.653"> * end user to the specified {@code fallbackUrl}. If there is no saved request or fallback url, this method</a>
<span class="sourceLineNo">654</span><a id="line.654"> * throws an {@link IllegalStateException}.</a>
<span class="sourceLineNo">655</span><a id="line.655"> * &lt;p/&gt;</a>
<span class="sourceLineNo">656</span><a id="line.656"> * This method is primarily used to support a common login scenario - if an unauthenticated user accesses a</a>
<span class="sourceLineNo">657</span><a id="line.657"> * page that requires authentication, it is expected that request is</a>
<span class="sourceLineNo">658</span><a id="line.658"> * {@link #saveRequest(javax.servlet.ServletRequest) saved} first and then redirected to the login page. Then,</a>
<span class="sourceLineNo">659</span><a id="line.659"> * after a successful login, this method can be called to redirect them back to their originally requested URL, a</a>
<span class="sourceLineNo">660</span><a id="line.660"> * nice usability feature.</a>
<span class="sourceLineNo">661</span><a id="line.661"> *</a>
<span class="sourceLineNo">662</span><a id="line.662"> * @param request the incoming request</a>
<span class="sourceLineNo">663</span><a id="line.663"> * @param response the outgoing response</a>
<span class="sourceLineNo">664</span><a id="line.664"> * @param fallbackUrl the fallback url to redirect to if there is no saved request available.</a>
<span class="sourceLineNo">665</span><a id="line.665"> * @throws IllegalStateException if there is no saved request and the {@code fallbackUrl} is {@code null}.</a>
<span class="sourceLineNo">666</span><a id="line.666"> * @throws IOException if there is an error redirecting</a>
<span class="sourceLineNo">667</span><a id="line.667"> * @since 1.0</a>
<span class="sourceLineNo">668</span><a id="line.668"> */</a>
<span class="sourceLineNo">669</span><a id="line.669"> public static void redirectToSavedRequest(ServletRequest request, ServletResponse response, String fallbackUrl)</a>
<span class="sourceLineNo">670</span><a id="line.670"> throws IOException {</a>
<span class="sourceLineNo">671</span><a id="line.671"> String successUrl = null;</a>
<span class="sourceLineNo">672</span><a id="line.672"> boolean contextRelative = true;</a>
<span class="sourceLineNo">673</span><a id="line.673"> SavedRequest savedRequest = WebUtils.getAndClearSavedRequest(request);</a>
<span class="sourceLineNo">674</span><a id="line.674"> if (savedRequest != null &amp;&amp; savedRequest.getMethod().equalsIgnoreCase(AccessControlFilter.GET_METHOD)) {</a>
<span class="sourceLineNo">675</span><a id="line.675"> successUrl = savedRequest.getRequestUrl();</a>
<span class="sourceLineNo">676</span><a id="line.676"> contextRelative = false;</a>
<span class="sourceLineNo">677</span><a id="line.677"> }</a>
<span class="sourceLineNo">678</span><a id="line.678"></a>
<span class="sourceLineNo">679</span><a id="line.679"> if (successUrl == null) {</a>
<span class="sourceLineNo">680</span><a id="line.680"> successUrl = fallbackUrl;</a>
<span class="sourceLineNo">681</span><a id="line.681"> }</a>
<span class="sourceLineNo">682</span><a id="line.682"></a>
<span class="sourceLineNo">683</span><a id="line.683"> if (successUrl == null) {</a>
<span class="sourceLineNo">684</span><a id="line.684"> throw new IllegalStateException("Success URL not available via saved request or via the " +</a>
<span class="sourceLineNo">685</span><a id="line.685"> "successUrlFallback method parameter. One of these must be non-null for " +</a>
<span class="sourceLineNo">686</span><a id="line.686"> "issueSuccessRedirect() to work.");</a>
<span class="sourceLineNo">687</span><a id="line.687"> }</a>
<span class="sourceLineNo">688</span><a id="line.688"></a>
<span class="sourceLineNo">689</span><a id="line.689"> WebUtils.issueRedirect(request, response, successUrl, null, contextRelative);</a>
<span class="sourceLineNo">690</span><a id="line.690"> }</a>
<span class="sourceLineNo">691</span><a id="line.691"></a>
<span class="sourceLineNo">692</span><a id="line.692">}</a>
</pre>
</div>
</main>
</body>
</html>