public class CookieRequestCache extends Object implements org.springframework.security.web.savedrequest.RequestCache
Alternative storage mechanism for an original destination before being redirected for login. Normally, Spring stores the original destination as part of the session, which requires state to be maintained on the server. The approach used here stores the original request url in a cookie. This cookie can then be retrieved at a later time and used to return the user to the original destination. This allows for a stateless implementation for saved requests.
As an additional safety measure, the cookie information is delivered in the form of a signed JWT token so that the authenticity of the cookie information can be confirmed. This should never be required, but if for some reason the cookie was to be replaced by an unknown attack mechanism, it would not be verified and any attempt to use the saved cookie value would fail.
| Constructor and Description |
|---|
CookieRequestCache(StatelessUtil statelessUtil,
boolean useRedirectUriHost) |
| Modifier and Type | Method and Description |
|---|---|
javax.servlet.http.HttpServletRequest |
getMatchingRequest(javax.servlet.http.HttpServletRequest request,
javax.servlet.http.HttpServletResponse response) |
org.springframework.security.web.savedrequest.SavedRequest |
getRequest(javax.servlet.http.HttpServletRequest request,
javax.servlet.http.HttpServletResponse response) |
boolean |
isErrorRequest(javax.servlet.http.HttpServletRequest request) |
void |
removeRequest(javax.servlet.http.HttpServletRequest request,
javax.servlet.http.HttpServletResponse response) |
void |
saveRequest(javax.servlet.http.HttpServletRequest request,
javax.servlet.http.HttpServletResponse response) |
void |
setErrorRequestMatcher(org.springframework.security.web.util.matcher.RequestMatcher errorRequestMatcher) |
void |
setPortResolver(org.springframework.security.web.PortResolver portResolver) |
void |
setRequestMatcher(org.springframework.security.web.util.matcher.RequestMatcher requestMatcher) |
public CookieRequestCache(StatelessUtil statelessUtil, boolean useRedirectUriHost)
public void saveRequest(javax.servlet.http.HttpServletRequest request,
javax.servlet.http.HttpServletResponse response)
saveRequest in interface org.springframework.security.web.savedrequest.RequestCachepublic org.springframework.security.web.savedrequest.SavedRequest getRequest(javax.servlet.http.HttpServletRequest request,
javax.servlet.http.HttpServletResponse response)
getRequest in interface org.springframework.security.web.savedrequest.RequestCachepublic javax.servlet.http.HttpServletRequest getMatchingRequest(javax.servlet.http.HttpServletRequest request,
javax.servlet.http.HttpServletResponse response)
getMatchingRequest in interface org.springframework.security.web.savedrequest.RequestCachepublic void removeRequest(javax.servlet.http.HttpServletRequest request,
javax.servlet.http.HttpServletResponse response)
removeRequest in interface org.springframework.security.web.savedrequest.RequestCachepublic boolean isErrorRequest(javax.servlet.http.HttpServletRequest request)
public void setPortResolver(org.springframework.security.web.PortResolver portResolver)
public void setRequestMatcher(org.springframework.security.web.util.matcher.RequestMatcher requestMatcher)
public void setErrorRequestMatcher(org.springframework.security.web.util.matcher.RequestMatcher errorRequestMatcher)
Copyright © 2021. All rights reserved.