shiro-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From lhazlew...@apache.org
Subject svn commit: r798589 - in /incubator/shiro/trunk/web/src/main/java/org/apache/shiro/web: WebUtils.java filter/authc/AuthenticationFilter.java
Date Tue, 28 Jul 2009 16:08:10 GMT
Author: lhazlewood
Date: Tue Jul 28 16:08:10 2009
New Revision: 798589

URL: http://svn.apache.org/viewvc?rev=798589&view=rev
Log:
Extracted saved request redirect method to WebUtils (all the other saved request methods were
in web utils already - it made sense to keep this consistent)

Modified:
    incubator/shiro/trunk/web/src/main/java/org/apache/shiro/web/WebUtils.java
    incubator/shiro/trunk/web/src/main/java/org/apache/shiro/web/filter/authc/AuthenticationFilter.java

Modified: incubator/shiro/trunk/web/src/main/java/org/apache/shiro/web/WebUtils.java
URL: http://svn.apache.org/viewvc/incubator/shiro/trunk/web/src/main/java/org/apache/shiro/web/WebUtils.java?rev=798589&r1=798588&r2=798589&view=diff
==============================================================================
--- incubator/shiro/trunk/web/src/main/java/org/apache/shiro/web/WebUtils.java (original)
+++ incubator/shiro/trunk/web/src/main/java/org/apache/shiro/web/WebUtils.java Tue Jul 28
16:08:10 2009
@@ -18,30 +18,30 @@
  */
 package org.apache.shiro.web;
 
+import org.apache.shiro.SecurityUtils;
+import org.apache.shiro.session.Session;
+import org.apache.shiro.subject.Subject;
+import org.apache.shiro.util.StringUtils;
+import org.apache.shiro.util.ThreadContext;
+import org.apache.shiro.web.filter.AccessControlFilter;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import javax.servlet.ServletRequest;
+import javax.servlet.ServletResponse;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
 import java.io.IOException;
 import java.io.UnsupportedEncodingException;
 import java.net.InetAddress;
 import java.net.URLDecoder;
 import java.net.UnknownHostException;
 import java.util.Map;
-import javax.servlet.ServletRequest;
-import javax.servlet.ServletResponse;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
-import org.apache.shiro.SecurityUtils;
-import org.apache.shiro.session.Session;
-import org.apache.shiro.subject.Subject;
-import org.apache.shiro.util.StringUtils;
-import org.apache.shiro.util.ThreadContext;
 
 /**
  * Simple utility class for operations used across multiple class hierarchies in the web
framework code.
- *
- * <p>Some methods in this class were copied from the Spring Framework so we didn't
have to re-invent the wheel,
+ * <p/>
+ * Some methods in this class were copied from the Spring Framework so we didn't have to
re-invent the wheel,
  * and in these cases, we have retained all license, copyright and author information.
  *
  * @author Les Hazlewood
@@ -320,7 +320,7 @@
      * servlet-only environment.
      * <p/>
      * <b>THIS IS NOT PART OF APACHE SHIRO'S PUBLIC API.</b>  It exists for Shiro
implementation requirements only.
-     * 
+     *
      * @return the current thread-bound {@code ServletRequest} or {@code null} if there is
not one bound.
      * @since 1.0
      */
@@ -355,11 +355,11 @@
 
     /**
      * Convenience method that simplifies binding a ServletRequest to the current thread
(via the ThreadContext).
-     *
+     * <p/>
      * <p>The method's existence is to help reduce casting in your own code and to
simplify remembering of
      * ThreadContext key names.  The implementation is simple in that, if the servletRequest
is not <tt>null</tt>,
      * it binds it to the thread, i.e.:
-     *
+     * <p/>
      * <pre>
      * if (servletRequest != null) {
      *     ThreadContext.put( SERVLET_REQUEST_KEY, servletRequest );
@@ -441,11 +441,11 @@
 
     /**
      * Convenience method that simplifies binding a ServletResponse to the thread via the
ThreadContext.
-     *
+     * <p/>
      * <p>The method's existence is to help reduce casting in your own code and to
simplify remembering of
      * ThreadContext key names.  The implementation is simple in that, if the servletResponse
is not <tt>null</tt>,
      * it binds it to the thread, i.e.:
-     *
+     * <p/>
      * <pre>
      * if (servletResponse != null) {
      *     ThreadContext.put( SERVLET_RESPONSE_KEY, servletResponse );
@@ -538,7 +538,7 @@
     /**
      * <p>Checks to see if a request param is considered true using a loose matching
strategy for
      * general values that indicate that something is true or enabled, etc.</p>
-     *
+     * <p/>
      * <p>Values that are considered "true" include (case-insensitive): true, t, 1,
enabled, y, yes, on.</p>
      *
      * @param request   the servlet request
@@ -597,5 +597,46 @@
         return savedRequest;
     }
 
+    /**
+     * Redirects the to the request url from a previously
+     * {@link #saveRequest(javax.servlet.ServletRequest) saved} request, or if there is no
saved request, redirects the
+     * end user to the specified {@code fallbackUrl}.  If there is no saved request or fallback
url, this method
+     * throws an {@link IllegalStateException}.
+     * <p/>
+     * This method is primarily used to support a common login scenario - if an unauthenticated
user accesses a
+     * page that requires authentication, it is expected that request is
+     * {@link #saveRequest(javax.servlet.ServletRequest) saved} first and then redirected
to the login page. Then,
+     * after a successful login, this method can be called to redirect them back to their
originally requested URL, a
+     * nice usability feature.
+     *
+     * @param request     the incoming request
+     * @param response    the outgoing response
+     * @param fallbackUrl the fallback url to redirect to if there is no saved request available.
+     * @throws IllegalStateException if there is no saved request and the {@code fallbackUrl}
is {@code null}.
+     * @throws IOException           if there is an error redirecting
+     * @since 1.0
+     */
+    public static void redirectToSavedRequest(ServletRequest request, ServletResponse response,
String fallbackUrl)
+            throws IOException {
+        String successUrl = null;
+        boolean contextRelative = true;
+        SavedRequest savedRequest = WebUtils.getAndClearSavedRequest(request);
+        if (savedRequest != null && savedRequest.getMethod().equalsIgnoreCase(AccessControlFilter.GET_METHOD))
{
+            successUrl = savedRequest.getRequestUrl();
+            contextRelative = false;
+        }
+
+        if (successUrl == null) {
+            successUrl = fallbackUrl;
+        }
+
+        if (successUrl == null) {
+            throw new IllegalStateException("Success URL not available via saved request
or via the " +
+                    "successUrlFallback method parameter. One of these must be non-null for
" +
+                    "issueSuccessRedirect() to work.");
+        }
+
+        WebUtils.issueRedirect(request, response, successUrl, null, contextRelative);
+    }
 
 }

Modified: incubator/shiro/trunk/web/src/main/java/org/apache/shiro/web/filter/authc/AuthenticationFilter.java
URL: http://svn.apache.org/viewvc/incubator/shiro/trunk/web/src/main/java/org/apache/shiro/web/filter/authc/AuthenticationFilter.java?rev=798589&r1=798588&r2=798589&view=diff
==============================================================================
--- incubator/shiro/trunk/web/src/main/java/org/apache/shiro/web/filter/authc/AuthenticationFilter.java
(original)
+++ incubator/shiro/trunk/web/src/main/java/org/apache/shiro/web/filter/authc/AuthenticationFilter.java
Tue Jul 28 16:08:10 2009
@@ -18,18 +18,17 @@
  */
 package org.apache.shiro.web.filter.authc;
 
-import javax.servlet.ServletRequest;
-import javax.servlet.ServletResponse;
-
 import org.apache.shiro.subject.Subject;
-import org.apache.shiro.web.SavedRequest;
 import org.apache.shiro.web.WebUtils;
 import org.apache.shiro.web.filter.AccessControlFilter;
 
+import javax.servlet.ServletRequest;
+import javax.servlet.ServletResponse;
+
 /**
- * <p>Base class for all Filters that require the current user to be authenticated.
This class encapsulates the
- * logic of checking whether a user is already authenticated in the system. If the user is
not authenticated, we use
- * the template method pattern to delegate the processing of an unauthenticated request to
sub classes.</p>
+ * Base class for all Filters that require the current user to be authenticated. This class
encapsulates the
+ * logic of checking whether a user is already authenticated in the system while subclasses
are required to perform
+ * specific logic for unauthenticated requests.
  *
  * @author Allan Ditzel
  * @author Jeremy Haile
@@ -40,18 +39,29 @@
 
     //TODO - complete JavaDoc
 
-    public static final String DEFAULT_SUCCESS_URL = "/index.jsp";
+    public static final String DEFAULT_SUCCESS_URL = "/";
 
     private String successUrl = DEFAULT_SUCCESS_URL;
 
+    /**
+     * Returns the success url to use as the default location a user is sent after logging
in.  Typically a redirect
+     * after login will redirect to the originally request URL; this property is provided
mainly as a fallback in case
+     * the original request URL is not available or not specified.
+     * <p/>
+     * The default value is {@link #DEFAULT_SUCCESS_URL}.
+     *
+     * @return the success url to use as the default location a user is sent after logging
in.
+     */
     protected String getSuccessUrl() {
         return successUrl;
     }
 
     /**
-     * Sets the success URL that is the default location a user is sent to after logging
in when
-     * {@link #issueSuccessRedirect(javax.servlet.ServletRequest, javax.servlet.ServletResponse)}
-     * is called by subclasses of this filter.
+     * Sets the default/fallback success url to use as the default location a user is sent
after logging in.  Typically
+     * a redirect after login will redirect to the originally request URL; this property
is provided mainly as a
+     * fallback in case the original request URL is not available or not specified.
+     * <p/>
+     * The default value is {@link #DEFAULT_SUCCESS_URL}.
      *
      * @param successUrl the success URL to redirect the user to after a successful login.
      */
@@ -74,26 +84,17 @@
         return subject.isAuthenticated();
     }
 
+    /**
+     * Redirects to user to the previously attempted URL after a successful login.  This
implementation simply calls
+     * <code>{@link WebUtils WebUtils}.{@link WebUtils#redirectToSavedRequest(javax.servlet.ServletRequest,
javax.servlet.ServletResponse, String) redirectToSavedRequest}</code>
+     * using the {@link #getSuccessUrl() successUrl} as the {@code fallbackUrl} argument
to that call.
+     *
+     * @param request  the incoming request
+     * @param response the outgoing response
+     * @throws Exception if there is a problem redirecting.
+     */
     protected void issueSuccessRedirect(ServletRequest request, ServletResponse response)
throws Exception {
-
-        String successUrl = null;
-        boolean contextRelative = true;
-        SavedRequest savedRequest = WebUtils.getAndClearSavedRequest(request);
-        if (savedRequest != null && savedRequest.getMethod().equalsIgnoreCase(GET_METHOD))
{
-            successUrl = savedRequest.getRequestUrl();
-            contextRelative = false;
-        }
-
-        if (successUrl == null) {
-            successUrl = getSuccessUrl();
-        }
-
-        if (successUrl == null) {
-            throw new IllegalStateException("Success URL not available via saved request
or by calling " +
-                    "getSuccessUrl().  One of these must be non-null for issueSuccessRedirect()
to work.");
-        }
-
-        WebUtils.issueRedirect(request, response, successUrl, null, contextRelative);
+        WebUtils.redirectToSavedRequest(request, response, getSuccessUrl());
     }
 
 }



Mime
View raw message