Class CookieRequestCache
- All Implemented Interfaces:
org.springframework.security.web.savedrequest.RequestCache
Alternative storage mechanism for an original destination before being redirected for login. Normally, Spring stores the original destination as part of the session, which requires state to be maintained on the server. The approach used here stores the original request url in a cookie. This cookie can then be retrieved at a later time and used to return the user to the original destination. This allows for a stateless implementation for saved requests.
As an additional safety measure, the cookie information is delivered in the form of a signed JWT token so that the authenticity of the cookie information can be confirmed. This should never be required, but if for some reason the cookie was to be replaced by an unknown attack mechanism, it would not be verified and any attempt to use the saved cookie value would fail.
- Author:
- Jeff Fischer
-
Constructor Summary
-
Method Summary
Modifier and TypeMethodDescriptionjakarta.servlet.http.HttpServletRequest
getMatchingRequest
(jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response) org.springframework.security.web.savedrequest.SavedRequest
getRequest
(jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response) boolean
isErrorRequest
(jakarta.servlet.http.HttpServletRequest request) void
removeRequest
(jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response) void
saveRequest
(jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response) void
setErrorRequestMatcher
(org.springframework.security.web.util.matcher.RequestMatcher errorRequestMatcher) void
setPortResolver
(org.springframework.security.web.PortResolver portResolver) void
setRequestMatcher
(org.springframework.security.web.util.matcher.RequestMatcher requestMatcher)
-
Constructor Details
-
CookieRequestCache
-
-
Method Details
-
saveRequest
public void saveRequest(jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response) - Specified by:
saveRequest
in interfaceorg.springframework.security.web.savedrequest.RequestCache
-
getRequest
public org.springframework.security.web.savedrequest.SavedRequest getRequest(jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response) - Specified by:
getRequest
in interfaceorg.springframework.security.web.savedrequest.RequestCache
-
getMatchingRequest
public jakarta.servlet.http.HttpServletRequest getMatchingRequest(jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response) - Specified by:
getMatchingRequest
in interfaceorg.springframework.security.web.savedrequest.RequestCache
-
removeRequest
public void removeRequest(jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response) - Specified by:
removeRequest
in interfaceorg.springframework.security.web.savedrequest.RequestCache
-
isErrorRequest
public boolean isErrorRequest(jakarta.servlet.http.HttpServletRequest request) -
setPortResolver
public void setPortResolver(org.springframework.security.web.PortResolver portResolver) -
setRequestMatcher
public void setRequestMatcher(org.springframework.security.web.util.matcher.RequestMatcher requestMatcher) -
setErrorRequestMatcher
public void setErrorRequestMatcher(org.springframework.security.web.util.matcher.RequestMatcher errorRequestMatcher)
-