com.atlassian.seraph.config

Class DefaultRedirectPolicy

java.lang.Object

com.atlassian.seraph.config.DefaultRedirectPolicy

All Implemented Interfaces:

RedirectPolicy, Initable

public class DefaultRedirectPolicy
extends Object
implements RedirectPolicy

Constructor Summary

Constructors

Constructor and Description
DefaultRedirectPolicy()

Method Summary

Modifier and Type	Method and Description
boolean	allowedRedirectDestination(String redirectUrl, javax.servlet.http.HttpServletRequest request) Checks if the given redirectURL is permitted.
void	init(Map<String,String> params, SecurityConfig config) Initialise the configuration object with the given "init-params".
boolean	isAllowAnyUrl() Returns true if we allow redirect to any URL at all.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

DefaultRedirectPolicy

public DefaultRedirectPolicy()

Method Detail

init

public void init(Map<String,String> params,
                 SecurityConfig config)

Description copied from interface: Initable

Initialise the configuration object with the given "init-params".

Specified by:

init in interface Initable

Parameters:

params - The map of "init-params" extracted from the Seraph config file. This is guaranteed not null.

config - The Seraph SecurityConfig class that is initialising the config objects. This object will only be partially initialised at this time.

isAllowAnyUrl

public boolean isAllowAnyUrl()

Returns true if we allow redirect to any URL at all. By default this is false, however it may be configured to true in the Seraph config file to allow legacy behaviour.

Returns:

true if we allow redirect to any URL at all.

allowedRedirectDestination

public boolean allowedRedirectDestination(String redirectUrl,
                                          javax.servlet.http.HttpServletRequest request)

Checks if the given redirectURL is permitted.

Uses the configured redirect rules to see if we are allowed to redirect to the given URL. By default, the following is allowed:

• Any relative URL
• An absolute URL to the same context path as the current incoming request

You can configure this "security-policy" in the Seraph XML config file. eg:

  <redirect-policy class="com.atlassian.seraph.config.SimpleRedirectPolicy">
    <init-param>
      <param-name>allow.any.redirect.url</param-name>
      <param-value>true</param-value>
    </init-param>
  </redirect-policy>
 

Specified by:

allowedRedirectDestination in interface RedirectPolicy

Parameters:

redirectUrl - Requested redirect URL to be verified.

request - The current incoming request.

Returns:

true if this redirectURL is allowed.