Package org.apache.shiro.web.util

Class WebUtils

  • public class WebUtils
extends Object
    Simple utility class for operations used across multiple class hierarchies in the web framework code.

    Some methods in this class were copied from the Spring Framework so we didn't have to re-invent the wheel, and in these cases, we have retained all license, copyright and author information.

    Since:
    0.9

    • Method Detail

      • getPathWithinApplication

        public static String getPathWithinApplication​(HttpServletRequest request)
        Return the path within the web application for the given request. Detects include request URL if called within a RequestDispatcher include.

        For example, for a request to URL

        http://www.somehost.com/myapp/my/url.jsp,

        for an application deployed to /mayapp (the application's context path), this method would return

        /my/url.jsp.

        Parameters:
        request - current HTTP request
        Returns:
        the path within the web application

      • getRequestUri

        @Deprecated
public static String getRequestUri​(HttpServletRequest request)
        Deprecated.
        use getPathWithinApplication() to get the path minus the context path, or call HttpServletRequest.getRequestURI() directly from your code.
        Return the request URI for the given request, detecting an include request URL if called within a RequestDispatcher include.

        As the value returned by request.getRequestURI() is not decoded by the servlet container, this method will decode it.

        The URI that the web container resolves should be correct, but some containers like JBoss/Jetty incorrectly include ";" strings like ";jsessionid" in the URI. This method cuts off such incorrect appendices.

        Parameters:
        request - current HTTP request
        Returns:
        the request URI

      • normalize

        public static String normalize​(String path)
        Normalize a relative URI path that may have relative values ("/./", "/../", and so on ) it it. WARNING - This method is useful only for normalizing application-generated paths. It does not try to perform security checks for malicious input. Normalize operations were was happily taken from org.apache.catalina.util.RequestUtil in Tomcat trunk, r939305
        Parameters:
        path - Relative path to be normalized
        Returns:
        normalized path

      • getContextPath

        public static String getContextPath​(HttpServletRequest request)
        Return the context path for the given request, detecting an include request URL if called within a RequestDispatcher include.

        As the value returned by request.getContextPath() is not decoded by the servlet container, this method will decode it.

        Parameters:
        request - current HTTP request
        Returns:
        the context path

      • getWebEnvironment

        public static WebEnvironment getWebEnvironment​(ServletContext sc,
                                               String attrName)
        Find the Shiro WebEnvironment for this web application.
        Parameters:
        sc - ServletContext to find the web application context for
        attrName - the name of the ServletContext attribute to look for
        Returns:
        the desired WebEnvironment for this web app, or null if none
        Since:
        1.2

      • isWeb

        public static boolean isWeb​(Object requestPairSource)

      • isHttp

        public static boolean isHttp​(Object requestPairSource)

      • _isSessionCreationEnabled

        public static boolean _isSessionCreationEnabled​(Object requestPairSource)
        Returns true if a session is allowed to be created for a subject-associated request, false otherwise.

        This method exists for Shiro's internal framework needs and should never be called by Shiro end-users. It could be changed/removed at any time.

        Parameters:
        requestPairSource - a RequestPairSource instance, almost always a WebSubject instance.
        Returns:
        true if a session is allowed to be created for a subject-associated request, false otherwise.

      • _isSessionCreationEnabled

        public static boolean _isSessionCreationEnabled​(ServletRequest request)
        Returns true if a session is allowed to be created for a subject-associated request, false otherwise.

        This method exists for Shiro's internal framework needs and should never be called by Shiro end-users. It could be changed/removed at any time.

        Parameters:
        request - incoming servlet request.
        Returns:
        true if a session is allowed to be created for a subject-associated request, false otherwise.

      • toHttp

        public static HttpServletRequest toHttp​(ServletRequest request)
        A convenience method that merely casts the incoming ServletRequest to an HttpServletRequest:

        return (HttpServletRequest)request;

        Logic could be changed in the future for logging or throwing an meaningful exception in non HTTP request environments (e.g. Portlet API).

        Parameters:
        request - the incoming ServletRequest
        Returns:
        the request argument casted to an HttpServletRequest.

      • toHttp

        public static HttpServletResponse toHttp​(ServletResponse response)
        A convenience method that merely casts the incoming ServletResponse to an HttpServletResponse:

        return (HttpServletResponse)response;

        Logic could be changed in the future for logging or throwing an meaningful exception in non HTTP request environments (e.g. Portlet API).

        Parameters:
        response - the outgoing ServletResponse
        Returns:
        the response argument casted to an HttpServletResponse.

      • issueRedirect

        public static void issueRedirect​(ServletRequest request,
                                 ServletResponse response,
                                 String url,
                                 Map queryParams,
                                 boolean contextRelative,
                                 boolean http10Compatible)
                          throws IOException
        Redirects the current request to a new URL based on the given parameters.
        Parameters:
        request - the servlet request.
        response - the servlet response.
        url - the URL to redirect the user to.
        queryParams - a map of parameters that should be set as request parameters for the new request.
        contextRelative - true if the URL is relative to the servlet context path, or false if the URL is absolute.
        http10Compatible - whether to stay compatible with HTTP 1.0 clients.
        Throws:
        IOException - if thrown by response methods.

      • issueRedirect

        public static void issueRedirect​(ServletRequest request,
                                 ServletResponse response,
                                 String url)
                          throws IOException
        Redirects the current request to a new URL based on the given parameters and default values for unspecified parameters.
        Parameters:
        request - the servlet request.
        response - the servlet response.
        url - the URL to redirect the user to.
        Throws:
        IOException - if thrown by response methods.

      • issueRedirect

        public static void issueRedirect​(ServletRequest request,
                                 ServletResponse response,
                                 String url,
                                 Map queryParams)
                          throws IOException
        Redirects the current request to a new URL based on the given parameters and default values for unspecified parameters.
        Parameters:
        request - the servlet request.
        response - the servlet response.
        url - the URL to redirect the user to.
        queryParams - a map of parameters that should be set as request parameters for the new request.
        Throws:
        IOException - if thrown by response methods.

      • issueRedirect

        public static void issueRedirect​(ServletRequest request,
                                 ServletResponse response,
                                 String url,
                                 Map queryParams,
                                 boolean contextRelative)
                          throws IOException
        Redirects the current request to a new URL based on the given parameters and default values for unspecified parameters.
        Parameters:
        request - the servlet request.
        response - the servlet response.
        url - the URL to redirect the user to.
        queryParams - a map of parameters that should be set as request parameters for the new request.
        contextRelative - true if the URL is relative to the servlet context path, or false if the URL is absolute.
        Throws:
        IOException - if thrown by response methods.

      • isTrue

        public static boolean isTrue​(ServletRequest request,
                             String paramName)

        Checks to see if a request param is considered true using a loose matching strategy for general values that indicate that something is true or enabled, etc.

        Values that are considered "true" include (case-insensitive): true, t, 1, enabled, y, yes, on.

        Parameters:
        request - the servlet request
        paramName -
        Returns:
        true if the param value is considered true or false if it isn't.

      • getCleanParam

        public static String getCleanParam​(ServletRequest request,
                                   String paramName)
        Convenience method that returns a request parameter value, first running it through StringUtils.clean(String).
        Parameters:
        request - the servlet request.
        paramName - the parameter name.
        Returns:
        the clean param value, or null if the param does not exist or is empty.

      • redirectToSavedRequest

        public static void redirectToSavedRequest​(ServletRequest request,
                                          ServletResponse response,
                                          String fallbackUrl)
                                   throws IOException
        Redirects the to the request url from a previously saved request, or if there is no saved request, redirects the end user to the specified fallbackUrl. If there is no saved request or fallback url, this method throws an IllegalStateException.

        This method is primarily used to support a common login scenario - if an unauthenticated user accesses a page that requires authentication, it is expected that request is saved first and then redirected to the login page. Then, after a successful login, this method can be called to redirect them back to their originally requested URL, a nice usability feature.

        Parameters:
        request - the incoming request
        response - the outgoing response
        fallbackUrl - the fallback url to redirect to if there is no saved request available.
        Throws:
        IllegalStateException - if there is no saved request and the fallbackUrl is null.
        IOException - if there is an error redirecting
        Since:
        1.0