java.lang.Object | |
↳ | org.springframework.security.web.authentication.AbstractAuthenticationTargetUrlRequestHandler |
Known Direct Subclasses |
Known Indirect Subclasses |
Base class containing the logic used by strategies which handle redirection to a URL and
are passed an Authentication
object as part of the contract.
See AuthenticationSuccessHandler
and
LogoutSuccessHandler
, for example.
Uses the following logic sequence to determine how it should handle the forward/redirect
alwaysUseDefaultTargetUrl
property is set to true, the defaultTargetUrl
property
will be used for the destination.
targetUrlParameter
has been set on the request, the value will be used
as the destination. If you are enabling this functionality, then you should ensure that the parameter
cannot be used by an attacker to redirect the user to a malicious site (by clicking on a URL with the parameter
included, for example). Typically it would be used when the parameter is included in the login form and submitted with
the username and password.
useReferer
property is set, the "Referer" HTTP header value will be used, if present.
defaultTargetUrl
value will be used.
Fields | |||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
logger |
Protected Constructors | |||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
Public Methods | |||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
If
true , will always redirect to the value of defaultTargetUrl
(defaults to false ). | |||||||||||
Supplies the default target Url that will be used if no saved request is found in the session, or the
alwaysUseDefaultTargetUrl property is set to true. | |||||||||||
Allows overriding of the behaviour when redirecting to a target URL.
| |||||||||||
If this property is set, the current request will be checked for this a parameter with this name
and the value used as the target URL if present.
| |||||||||||
If set to
true the Referer header will be used (if available). |
Protected Methods | |||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
Builds the target URL according to the logic defined in the main class Javadoc.
| |||||||||||
Supplies the default target Url that will be used if no saved request is found or the
alwaysUseDefaultTargetUrl property is set to true. | |||||||||||
Invokes the configured
RedirectStrategy with the URL returned by the determineTargetUrl method. | |||||||||||
[Expand]
Inherited Methods | |||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
From class
java.lang.Object
|
If true
, will always redirect to the value of defaultTargetUrl
(defaults to false
).
Supplies the default target Url that will be used if no saved request is found in the session, or the
alwaysUseDefaultTargetUrl
property is set to true. If not set, defaults to /
. It
will be treated as relative to the web-app's context path, and should include the leading /
.
Alternatively, inclusion of a scheme name (such as "http://" or "https://") as the prefix will denote a
fully-qualified URL and this is also supported.
Allows overriding of the behaviour when redirecting to a target URL.
If this property is set, the current request will be checked for this a parameter with this name and the value used as the target URL if present.
targetUrlParameter | the name of the parameter containing the encoded target URL. Defaults to null. |
---|
If set to true
the Referer
header will be used (if available). Defaults to false
.
Builds the target URL according to the logic defined in the main class Javadoc.
Supplies the default target Url that will be used if no saved request is found or the
alwaysUseDefaultTargetUrl
property is set to true. If not set, defaults to /
.
Invokes the configured RedirectStrategy
with the URL returned by the determineTargetUrl
method.
The redirect will not be performed if the response has already been committed.
IOException | |
---|---|
ServletException |