Class CookieRequestCache

java.lang.Object
com.broadleafcommerce.auth.user.session.CookieRequestCache
All Implemented Interfaces:
org.springframework.security.web.savedrequest.RequestCache

public class CookieRequestCache extends Object implements org.springframework.security.web.savedrequest.RequestCache

Alternative storage mechanism for the original destination of a request that was redirected for login. Normally, Spring stores the original destination in the session, which requires state to be maintained on the server. The approach used here stores the original request URL in a cookie instead. The cookie can be retrieved later and used to return the user to the original destination, which allows a stateless implementation of saved requests.

As an additional safety measure, the cookie information is delivered as a signed JWT so that its authenticity can be confirmed. This should never be required, but if the cookie were replaced through some unknown attack mechanism, signature verification would fail and any attempt to use the saved cookie value would be rejected.

Author:
Jeff Fischer
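
The signed-cookie idea from the class description, shown as an added example that is not Broadleaf's code: the saved URL travels in an HS256-signed compact JWS, and a cookie whose payload was swapped fails verification. The class name, the `dest` claim, the choice of HS256 and the demo key are assumptions made for illustration.

```java
import java.net.URLDecoder;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Base64;
import java.util.Optional;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

// Added illustration (not Broadleaf code): HS256 compact JWS carrying a saved URL.
public class SignedRedirectCookieDemo {
    private static final Base64.Encoder B64 = Base64.getUrlEncoder().withoutPadding();
    // verify() accepts only this exact header segment, so e.g. "alg":"none" is rejected.
    private static final String HEADER = b64("{\"alg\":\"HS256\",\"typ\":\"JWT\"}");
    static String b64(String s) { return B64.encodeToString(s.getBytes(StandardCharsets.UTF_8)); }

    static byte[] hmac(byte[] key, String data) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(key, "HmacSHA256"));
        return mac.doFinal(data.getBytes(StandardCharsets.US_ASCII));
    }

    // The URL is percent-encoded, so the claim value needs no JSON escaping.
    static String sign(String url, byte[] key) throws Exception {
        String claims = "{\"dest\":\"" + URLEncoder.encode(url, StandardCharsets.UTF_8) + "\"}";
        String signingInput = HEADER + "." + b64(claims);
        return signingInput + "." + B64.encodeToString(hmac(key, signingInput));
    }

    // Returns the saved URL only when the signature verifies; otherwise empty.
    static Optional<String> verify(String token, byte[] key) throws Exception {
        String[] p = token.split("\\.", -1);
        if (p.length != 3 || !p[0].equals(HEADER)) return Optional.empty();
        try {
            byte[] sig = Base64.getUrlDecoder().decode(p[2]);
            // Constant-time comparison of the recomputed and the presented MAC.
            if (!MessageDigest.isEqual(hmac(key, p[0] + "." + p[1]), sig)) return Optional.empty();
            String claims = new String(Base64.getUrlDecoder().decode(p[1]), StandardCharsets.UTF_8);
            String enc = claims.substring("{\"dest\":\"".length(), claims.length() - 2);
            return Optional.of(URLDecoder.decode(enc, StandardCharsets.UTF_8));
        } catch (IllegalArgumentException e) { return Optional.empty(); } // malformed Base64
    }

    public static void main(String[] args) throws Exception {
        // Constructed demo key and URLs; a real key comes from protected configuration.
        byte[] key = "constructed-demo-key-32-bytes-long!!".getBytes(StandardCharsets.UTF_8);
        String cookie = sign("https://shop.example/account/orders?page=2", key);
        String swapped = cookie.replaceFirst("\\.[^.]+\\.", "." + b64("{\"dest\":\"https%3A%2F%2Fother.example\"}") + ".");
        System.out.println(verify(cookie, key) + " " + verify(swapped, key));
    }
}
```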
  • Constructor Summary

    Constructors
    Constructor
    Description
    CookieRequestCache(StatelessUtil statelessUtil, boolean useRedirectUriHost)
     
  • Method Summary

    Modifier and Type
    Method
    Description
    jakarta.servlet.http.HttpServletRequest
    getMatchingRequest(jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response)
     
    org.springframework.security.web.savedrequest.SavedRequest
    getRequest(jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response)
     
    boolean
    isErrorRequest(jakarta.servlet.http.HttpServletRequest request)
     
    void
    removeRequest(jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response)
     
    void
    saveRequest(jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response)
     
    void
    setErrorRequestMatcher(org.springframework.security.web.util.matcher.RequestMatcher errorRequestMatcher)
     
    void
    setPortResolver(org.springframework.security.web.PortResolver portResolver)
     
    void
    setRequestMatcher(org.springframework.security.web.util.matcher.RequestMatcher requestMatcher)
     

    Methods inherited from class java.lang.Object

    clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
  • Constructor Details

    • CookieRequestCache

      public CookieRequestCache(StatelessUtil statelessUtil, boolean useRedirectUriHost)
  • Method Details

    • saveRequest

      public void saveRequest(jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response)
      Specified by:
      saveRequest in interface org.springframework.security.web.savedrequest.RequestCache
    • getRequest

      public org.springframework.security.web.savedrequest.SavedRequest getRequest(jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response)
      Specified by:
      getRequest in interface org.springframework.security.web.savedrequest.RequestCache
    • getMatchingRequest

      public jakarta.servlet.http.HttpServletRequest getMatchingRequest(jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response)
      Specified by:
      getMatchingRequest in interface org.springframework.security.web.savedrequest.RequestCache
    • removeRequest

      public void removeRequest(jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response)
      Specified by:
      removeRequest in interface org.springframework.security.web.savedrequest.RequestCache
    • isErrorRequest

      public boolean isErrorRequest(jakarta.servlet.http.HttpServletRequest request)
    • setPortResolver

      public void setPortResolver(org.springframework.security.web.PortResolver portResolver)
    • setRequestMatcher

      public void setRequestMatcher(org.springframework.security.web.util.matcher.RequestMatcher requestMatcher)
    • setErrorRequestMatcher

      public void setErrorRequestMatcher(org.springframework.security.web.util.matcher.RequestMatcher errorRequestMatcher)