Class CookieRequestCache
- java.lang.Object
-
- com.broadleafcommerce.auth.user.session.CookieRequestCache
-
- All Implemented Interfaces:
org.springframework.security.web.savedrequest.RequestCache
public class CookieRequestCache extends Object implements org.springframework.security.web.savedrequest.RequestCache
Alternative storage mechanism for an original destination before being redirected for login. Normally, Spring stores the original destination as part of the session, which requires state to be maintained on the server. The approach used here stores the original request url in a cookie. This cookie can then be retrieved at a later time and used to return the user to the original destination. This allows for a stateless implementation for saved requests.
As an additional safety measure, the cookie information is delivered in the form of a signed JWT token so that the authenticity of the cookie information can be confirmed. This should never be required, but if for some reason the cookie was to be replaced by an unknown attack mechanism, it would not be verified and any attempt to use the saved cookie value would fail.
- Author:
- Jeff Fischer
-
-
Constructor Summary
Constructors Constructor Description CookieRequestCache(StatelessUtil statelessUtil, boolean useRedirectUriHost)
-
Method Summary
All Methods Instance Methods Concrete Methods Modifier and Type Method Description javax.servlet.http.HttpServletRequestgetMatchingRequest(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response)org.springframework.security.web.savedrequest.SavedRequestgetRequest(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response)booleanisErrorRequest(javax.servlet.http.HttpServletRequest request)voidremoveRequest(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response)voidsaveRequest(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response)voidsetErrorRequestMatcher(org.springframework.security.web.util.matcher.RequestMatcher errorRequestMatcher)voidsetPortResolver(org.springframework.security.web.PortResolver portResolver)voidsetRequestMatcher(org.springframework.security.web.util.matcher.RequestMatcher requestMatcher)
-
-
-
Constructor Detail
-
CookieRequestCache
public CookieRequestCache(StatelessUtil statelessUtil, boolean useRedirectUriHost)
-
-
Method Detail
-
saveRequest
public void saveRequest(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response)- Specified by:
saveRequestin interfaceorg.springframework.security.web.savedrequest.RequestCache
-
getRequest
public org.springframework.security.web.savedrequest.SavedRequest getRequest(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response)- Specified by:
getRequestin interfaceorg.springframework.security.web.savedrequest.RequestCache
-
getMatchingRequest
public javax.servlet.http.HttpServletRequest getMatchingRequest(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response)- Specified by:
getMatchingRequestin interfaceorg.springframework.security.web.savedrequest.RequestCache
-
removeRequest
public void removeRequest(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response)- Specified by:
removeRequestin interfaceorg.springframework.security.web.savedrequest.RequestCache
-
isErrorRequest
public boolean isErrorRequest(javax.servlet.http.HttpServletRequest request)
-
setPortResolver
public void setPortResolver(org.springframework.security.web.PortResolver portResolver)
-
setRequestMatcher
public void setRequestMatcher(org.springframework.security.web.util.matcher.RequestMatcher requestMatcher)
-
setErrorRequestMatcher
public void setErrorRequestMatcher(org.springframework.security.web.util.matcher.RequestMatcher errorRequestMatcher)
-
-