Class CookieRequestCache
- All Implemented Interfaces:
org.springframework.security.web.savedrequest.RequestCache
Alternative storage mechanism for an original destination before being redirected for login. Normally, Spring stores the original destination as part of the session, which requires state to be maintained on the server. The approach used here stores the original request url in a cookie. This cookie can then be retrieved at a later time and used to return the user to the original destination. This allows for a stateless implementation for saved requests.
As an additional safety measure, the cookie information is delivered in the form of a signed JWT token so that the authenticity of the cookie information can be confirmed. This should never be required, but if for some reason the cookie was to be replaced by an unknown attack mechanism, it would not be verified and any attempt to use the saved cookie value would fail.
- Author:
- Jeff Fischer
-
Constructor Summary
Constructors -
Method Summary
Modifier and TypeMethodDescriptionjakarta.servlet.http.HttpServletRequestgetMatchingRequest(jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response) org.springframework.security.web.savedrequest.SavedRequestgetRequest(jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response) booleanisErrorRequest(jakarta.servlet.http.HttpServletRequest request) voidremoveRequest(jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response) voidsaveRequest(jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response) voidsetErrorRequestMatcher(org.springframework.security.web.util.matcher.RequestMatcher errorRequestMatcher) voidsetPortResolver(org.springframework.security.web.PortResolver portResolver) voidsetRequestMatcher(org.springframework.security.web.util.matcher.RequestMatcher requestMatcher)
-
Constructor Details
-
CookieRequestCache
-
-
Method Details
-
saveRequest
public void saveRequest(jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response) - Specified by:
saveRequestin interfaceorg.springframework.security.web.savedrequest.RequestCache
-
getRequest
public org.springframework.security.web.savedrequest.SavedRequest getRequest(jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response) - Specified by:
getRequestin interfaceorg.springframework.security.web.savedrequest.RequestCache
-
getMatchingRequest
public jakarta.servlet.http.HttpServletRequest getMatchingRequest(jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response) - Specified by:
getMatchingRequestin interfaceorg.springframework.security.web.savedrequest.RequestCache
-
removeRequest
public void removeRequest(jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response) - Specified by:
removeRequestin interfaceorg.springframework.security.web.savedrequest.RequestCache
-
isErrorRequest
public boolean isErrorRequest(jakarta.servlet.http.HttpServletRequest request) -
setPortResolver
public void setPortResolver(org.springframework.security.web.PortResolver portResolver) -
setRequestMatcher
public void setRequestMatcher(org.springframework.security.web.util.matcher.RequestMatcher requestMatcher) -
setErrorRequestMatcher
public void setErrorRequestMatcher(org.springframework.security.web.util.matcher.RequestMatcher errorRequestMatcher)
-