From 43f3568b16f31529ae7d8c3026c94b1b5b32ec5b Mon Sep 17 00:00:00 2001 From: Luke Taylor Date: Wed, 3 Mar 2010 23:11:49 +0000 Subject: [PATCH] SEC-1407: Removed original URL matching classes and updated Javadoc of new RequestMatcher versions. --- ...AuthenticationTargetUrlRequestHandler.java | 18 ++++++- .../web/util/AntPathRequestMatcher.java | 3 +- .../security/web/util/AntUrlPathMatcher.java | 50 ------------------- .../web/util/RegexRequestMatcher.java | 27 ++++++++++ .../web/util/RegexUrlPathMatcher.java | 32 ------------ .../security/web/util/UrlMatcher.java | 23 --------- 6 files changed, 45 insertions(+), 108 deletions(-) delete mode 100644 web/src/main/java/org/springframework/security/web/util/AntUrlPathMatcher.java delete mode 100644 web/src/main/java/org/springframework/security/web/util/RegexUrlPathMatcher.java delete mode 100644 web/src/main/java/org/springframework/security/web/util/UrlMatcher.java diff --git a/web/src/main/java/org/springframework/security/web/authentication/AbstractAuthenticationTargetUrlRequestHandler.java b/web/src/main/java/org/springframework/security/web/authentication/AbstractAuthenticationTargetUrlRequestHandler.java index 30ec2651c8..c30f2fbefe 100644 --- a/web/src/main/java/org/springframework/security/web/authentication/AbstractAuthenticationTargetUrlRequestHandler.java +++ b/web/src/main/java/org/springframework/security/web/authentication/AbstractAuthenticationTargetUrlRequestHandler.java @@ -39,6 +39,7 @@ import org.springframework.util.StringUtils; *
  • * As a fallback option, the defaultTargetUrl value will be used. *
    • + * * * @author Luke Taylor * @since 3.0 @@ -56,13 +57,26 @@ public abstract class AbstractAuthenticationTargetUrlRequestHandler { protected AbstractAuthenticationTargetUrlRequestHandler() { } + /** + * Invokes the configured {@code RedirectStrategy} with the URL returned by the {@code determineTargetUrl} method. + *

    + * The redirect will not be performed if the response has already been committed. + */ protected void handle(HttpServletRequest request, HttpServletResponse response, Authentication authentication) throws IOException, ServletException { String targetUrl = determineTargetUrl(request, response); + if (response.isCommitted()) { + logger.debug("Response has already been committed. Unable to redirect to " + targetUrl); + return; + } + redirectStrategy.sendRedirect(request, response, targetUrl); } + /** + * Builds the target URL according to the logic defined in the main class Javadoc. + */ protected String determineTargetUrl(HttpServletRequest request, HttpServletResponse response) { if (isAlwaysUseDefaultTargetUrl()) { return defaultTargetUrl; @@ -102,7 +116,7 @@ public abstract class AbstractAuthenticationTargetUrlRequestHandler { * * @return the defaultTargetUrl property */ - protected String getDefaultTargetUrl() { + protected final String getDefaultTargetUrl() { return defaultTargetUrl; } @@ -137,7 +151,7 @@ public abstract class AbstractAuthenticationTargetUrlRequestHandler { * The current request will be checked for this parameter before and the value used as the target URL if present. * * @param targetUrlParameter the name of the parameter containing the encoded target URL. Defaults - * to "redirect". + * to "spring-security-redirect". */ public void setTargetUrlParameter(String targetUrlParameter) { Assert.hasText("targetUrlParameter canot be null or empty"); diff --git a/web/src/main/java/org/springframework/security/web/util/AntPathRequestMatcher.java b/web/src/main/java/org/springframework/security/web/util/AntPathRequestMatcher.java index f86ef33472..0c197e2392 100644 --- a/web/src/main/java/org/springframework/security/web/util/AntPathRequestMatcher.java +++ b/web/src/main/java/org/springframework/security/web/util/AntPathRequestMatcher.java @@ -11,7 +11,8 @@ import org.springframework.util.StringUtils; /** * Matcher which compares a pre-defined ant-style pattern against the URL of an - * {@code HttpServletRequest}. Ignores the query string of the URL. + * {@code HttpServletRequest}. Ignores the query string of the URL and always performs + * case-insensitive matching. * * @author Luke Taylor * @since 3.1 diff --git a/web/src/main/java/org/springframework/security/web/util/AntUrlPathMatcher.java b/web/src/main/java/org/springframework/security/web/util/AntUrlPathMatcher.java deleted file mode 100644 index f0fbadf0b1..0000000000 --- a/web/src/main/java/org/springframework/security/web/util/AntUrlPathMatcher.java +++ /dev/null @@ -1,50 +0,0 @@ -package org.springframework.security.web.util; - -import org.springframework.util.PathMatcher; -import org.springframework.util.AntPathMatcher; - -/** - * Ant path strategy for URL matching. - * - * @author Luke Taylor - */ -public class AntUrlPathMatcher implements UrlMatcher { - private boolean requiresLowerCaseUrl = true; - private PathMatcher pathMatcher = new AntPathMatcher(); - - public AntUrlPathMatcher() { - this(true); - } - - public AntUrlPathMatcher(boolean requiresLowerCaseUrl) { - this.requiresLowerCaseUrl = requiresLowerCaseUrl; - } - - public Object compile(String path) { - if (requiresLowerCaseUrl) { - return path.toLowerCase(); - } - - return path; - } - - public void setRequiresLowerCaseUrl(boolean requiresLowerCaseUrl) { - this.requiresLowerCaseUrl = requiresLowerCaseUrl; - } - - public boolean pathMatchesUrl(Object path, String url) { - return pathMatcher.match((String)path, url); - } - - public String getUniversalMatchPattern() { - return "/**"; - } - - public boolean requiresLowerCaseUrl() { - return requiresLowerCaseUrl; - } - - public String toString() { - return getClass().getName() + "[requiresLowerCase='" + requiresLowerCaseUrl + "']"; - } -} diff --git a/web/src/main/java/org/springframework/security/web/util/RegexRequestMatcher.java b/web/src/main/java/org/springframework/security/web/util/RegexRequestMatcher.java index 2f64d6d291..9ced66a04a 100644 --- a/web/src/main/java/org/springframework/security/web/util/RegexRequestMatcher.java +++ b/web/src/main/java/org/springframework/security/web/util/RegexRequestMatcher.java @@ -10,6 +10,13 @@ import org.springframework.http.HttpMethod; import org.springframework.util.StringUtils; /** + * Uses a regular expression to decide whether a supplied the URL of a supplied {@code HttpServletRequest}. + * + * Can also be configured to match a specific HTTP method. + * + * The match is performed against the {@code servletPath + pathInfo + queryString} of the request and is case-sensitive + * by default. Case-insensitive matching can be used by using the constructor which takes the {@code caseInsentitive} + * argument. * * @author Luke Taylor * @since 3.1 @@ -20,10 +27,23 @@ public final class RegexRequestMatcher implements RequestMatcher { private final Pattern pattern; private final HttpMethod httpMethod; + /** + * Creates a case-sensitive {@code Pattern} instance to match against the request. + * + * @param pattern the regular expression to compile into a pattern. + * @param httpMethod the HTTP method to match. May be null to match all methods. + */ public RegexRequestMatcher(String pattern, String httpMethod) { this(pattern, httpMethod, false); } + /** + * As above, but allows setting of whether case-insensitive matching should be used. + * + * @param pattern the regular expression to compile into a pattern. + * @param httpMethod the HTTP method to match. May be null to match all methods. + * @param caseInsensitive if true, the pattern will be compiled with the {@link Pattern.CASE_INSENSITIVE} flag set. + */ public RegexRequestMatcher(String pattern, String httpMethod, boolean caseInsensitive) { if (caseInsensitive) { this.pattern = Pattern.compile(pattern, Pattern.CASE_INSENSITIVE); @@ -33,6 +53,13 @@ public final class RegexRequestMatcher implements RequestMatcher { this.httpMethod = StringUtils.hasText(httpMethod) ? HttpMethod.valueOf(httpMethod) : null; } + /** + * Performs the match of the request URL ({@code servletPath + pathInfo + queryString}) against + * the compiled pattern. + * + * @param requst the request to match + * @return true if the pattern matches the URL, false otherwise. + */ public boolean matches(HttpServletRequest request) { if (httpMethod != null && httpMethod != HttpMethod.valueOf(request.getMethod())) { return false; diff --git a/web/src/main/java/org/springframework/security/web/util/RegexUrlPathMatcher.java b/web/src/main/java/org/springframework/security/web/util/RegexUrlPathMatcher.java deleted file mode 100644 index 5445d074c5..0000000000 --- a/web/src/main/java/org/springframework/security/web/util/RegexUrlPathMatcher.java +++ /dev/null @@ -1,32 +0,0 @@ -package org.springframework.security.web.util; - -import java.util.regex.Pattern; - -/** - * @author Luke Taylor - */ -public class RegexUrlPathMatcher implements UrlMatcher { - private boolean requiresLowerCaseUrl = false; - - public Object compile(String path) { - return Pattern.compile(path); - } - - public void setRequiresLowerCaseUrl(boolean requiresLowerCaseUrl) { - this.requiresLowerCaseUrl = requiresLowerCaseUrl; - } - - public boolean pathMatchesUrl(Object compiledPath, String url) { - Pattern pattern = (Pattern)compiledPath; - - return pattern.matcher(url).matches(); - } - - public String getUniversalMatchPattern() { - return "/.*"; - } - - public boolean requiresLowerCaseUrl() { - return requiresLowerCaseUrl; - } -} diff --git a/web/src/main/java/org/springframework/security/web/util/UrlMatcher.java b/web/src/main/java/org/springframework/security/web/util/UrlMatcher.java deleted file mode 100644 index 5367267190..0000000000 --- a/web/src/main/java/org/springframework/security/web/util/UrlMatcher.java +++ /dev/null @@ -1,23 +0,0 @@ -package org.springframework.security.web.util; - -/** - * Strategy for deciding whether configured path matches a submitted candidate URL. - * - * @author Luke Taylor - * @since 2.0 - */ -public interface UrlMatcher { - - Object compile(String urlPattern); - - boolean pathMatchesUrl(Object compiledUrlPattern, String url); - - /** Returns the path which matches every URL */ - String getUniversalMatchPattern(); - - /** - * Returns true if the matcher expects the URL to be converted to lower case before - * calling {@link #pathMatchesUrl(Object, String)}. - */ - boolean requiresLowerCaseUrl(); -}