com.atlassian.seraph.util

Class RedirectUtils

java.lang.Object

com.atlassian.seraph.util.RedirectUtils

public class RedirectUtils
extends Object

Utilities for login link redirection.

Constructor Summary

Constructors

Constructor and Description
RedirectUtils()

Method Summary

Modifier and Type	Method and Description
static String	appendPathToContext(String context, String path) Appends the path to the context, dealing with any missing slashes properly.
static String	getLinkLoginURL(javax.servlet.http.HttpServletRequest request) Returns a login URL that would log the user in to access resource indicated by request.
static String	getLoginUrl(javax.servlet.http.HttpServletRequest request) Returns a login URL that would log the user in to access resource indicated by request.
static String	getLoginURL(String loginURL, javax.servlet.http.HttpServletRequest request)
static String	getServerNameAndPath(javax.servlet.http.HttpServletRequest request) Reconstruct the context part of a request URL from a HttpServletRequest.
static boolean	isBasicAuthentication(javax.servlet.http.HttpServletRequest request, String basicAuthParameterName) Check whether the request authentication strategy is using HTTP Basic Authentication
static boolean	sameContext(String url, javax.servlet.http.HttpServletRequest request) Tests if a given (absolute) URL is in the same context as the incoming HttpServletRequest.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

RedirectUtils

public RedirectUtils()

Method Detail

getLoginUrl

public static String getLoginUrl(javax.servlet.http.HttpServletRequest request)

Returns a login URL that would log the user in to access resource indicated by request.

For instance, if request is for protected path "/browse/JRA-123" and the user must login before accessing this resource, this method might return "/login.jsp?os_destination=%2Fbrowse%2FJRA-123". Presumably the login.jsp page will redirect back to 'os_destination' once logged in.

The returned path is derived from the login.url parameter in seraph-config.xml, which in the example above would be "/login.jsp?os_destination={originalurl}". The '${originalurl}' token is replaced at runtime with a relative or absolute path to the original resource requested by request ('/browse/JRA-123').

Both the returned URL and the ${originalurl} replacement URL may be absolute or root-relative, depending on whether the seraph-config.xml login.url parameter is. This allows for redirection to external Single Sign-on(SSO) apps, which are passed an absolute path to the originally requested resource.

No actual permission checks are performed to determine whether the user needs to log in to access the resource. The caller is assumed to have done this before calling this method.

Parameters:

request - The original request made by the user for a resource.

Returns:

A root-relative or absolute URL of a login link that would log the user in to access the resource.

getLinkLoginURL

public static String getLinkLoginURL(javax.servlet.http.HttpServletRequest request)

Returns a login URL that would log the user in to access resource indicated by request. Identical to getLoginUrl(javax.servlet.http.HttpServletRequest), except uses the 'link.login.url' parameter in seraph-config.xml instead of 'login.url', which allows for different login pages depending on whether invoked from a link ("link.login.url") or from a servlet filter that intercepted a request ("login.url").

See Also:

for parameters, etc

getLoginURL

public static String getLoginURL(String loginURL,
                                 javax.servlet.http.HttpServletRequest request)

getServerNameAndPath

public static String getServerNameAndPath(javax.servlet.http.HttpServletRequest request)

Reconstruct the context part of a request URL from a HttpServletRequest.

Parameters:

request - the HttpServletRequest.

Returns:

the context part of a request URL from the given HttpServletRequest.

isBasicAuthentication

public static boolean isBasicAuthentication(javax.servlet.http.HttpServletRequest request,
                                            String basicAuthParameterName)

Check whether the request authentication strategy is using HTTP Basic Authentication

Parameters:

request - the current HttpServletRequest

basicAuthParameterName - the name of the request parameter that sets the type of authorisation to apply for the current request

appendPathToContext

public static String appendPathToContext(String context,
                                         String path)

Appends the path to the context, dealing with any missing slashes properly. Does NOT resolve the path using URL resolution rules. Does NOT attempt to normalise the resulting URL.

Parameters:

context - a context path as returned by HttpServletRequest.getContextPath, e.g. "/confluence". If null, it will be treated as the default context ("").

path - a path to be appended to the context, e.g. "/homepage.action". If this is null, the context will be returned if it is non-null, otherwise the empty string will be returned.

Returns:

a URL of the given path within the context, e.g. "/confluence/homepage.action".

sameContext

public static boolean sameContext(String url,
                                  javax.servlet.http.HttpServletRequest request)

Tests if a given (absolute) URL is in the same context as the incoming HttpServletRequest. This is useful for checking if we will allow a redirect to the given URL.

Parameters:

url - The URL.

request - the incoming HttpServletRequest.

Returns:

true if the given URL is in the same context as the incoming HttpServletRequest.