public final class

UrlUtils

extends Object
java.lang.Object
   ↳ org.springframework.security.web.util.UrlUtils

Class Overview

Provides static methods for composing URLs.

Placed into a separate class for visibility, so that changes to URL formatting conventions will affect all users.

Summary

Public Constructors
UrlUtils()
Public Methods
static String buildFullRequestUrl(HttpServletRequest r)
static String buildFullRequestUrl(String scheme, String serverName, int serverPort, String requestURI, String queryString)
Obtains the full URL the client used to make the request.
static String buildRequestUrl(HttpServletRequest r)
Obtains the web application-specific fragment of the request URL.
static boolean isAbsoluteUrl(String url)
Decides if a URL is absolute based on whether it contains a valid scheme name, as defined in RFC 1738.
static boolean isValidRedirectUrl(String url)
Returns true if the supplied URL starts with a "/" or is absolute.
[Expand]
Inherited Methods
From class java.lang.Object

Public Constructors

public UrlUtils ()

Public Methods

public static String buildFullRequestUrl (HttpServletRequest r)

public static String buildFullRequestUrl (String scheme, String serverName, int serverPort, String requestURI, String queryString)

Obtains the full URL the client used to make the request.

Note that the server port will not be shown if it is the default server port for HTTP or HTTPS (80 and 443 respectively).

Returns
  • the full URL, suitable for redirects (not decoded).

public static String buildRequestUrl (HttpServletRequest r)

Obtains the web application-specific fragment of the request URL.

Under normal spec conditions, 

 requestURI = contextPath + servletPath + pathInfo
But the requestURI is not decoded, whereas the servletPath and pathInfo are (SEC-1255). This method is typically used to return a URL for matching against secured paths, hence the decoded form is used in preference to the requestURI for building the returned value. But this method may also be called using dummy request objects which just have the requestURI and contextPatth set, for example, so it will fall back to using those.

Returns
  • the decoded URL, excluding any server name, context path or servlet path

public static boolean isAbsoluteUrl (String url)

Decides if a URL is absolute based on whether it contains a valid scheme name, as defined in RFC 1738.

public static boolean isValidRedirectUrl (String url)

Returns true if the supplied URL starts with a "/" or is absolute.