Clean Urls and Redirection

classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

Clean Urls and Redirection

Joshua Chaitin-Pollak
Hello,

I am using the StripesStuff J2EESecurityManager and the @RolesAllowed
annotation.

When a user who fails the roles test hits a restricted page, our security
manager class intercepts the call, gets the called URL from our
ActionBeanContext class and stores it in the FlashScope, then returns a
ForwardResolution to our Login page.

This process works great, except when we intercept a clean URL. In that
case, when our custom ActionBeanContext class computes the last URL, it
ends up including the clean-URL arguments as request parameters, so
what used to be:

/api/user/1345/document/1235

becomes:

/api/user/14/document/35?user=14&document=35

which is functionally correct, but not really attractive. Since some of the
pages are single page apps with anchor tags, I'd really like to keep the URLs
clean.

It seems that by the time the SecurityManager has intercepted the call, the
clean url parameters have been extracted and placed into the request
parameters.

Is there a way for us to either intercept the call before the clean url
parameters are added to the request, or alternatively is there a way to
differentiate between clean url parameters and regular parameters?

Our ActionBeanContext has a .getLastUrl() function that does something
like this:

    StringBuilder sb = new StringBuilder();
    String uri =
        (String) req.getAttribute("javax.servlet.forward.request_uri");
    sb.append(uri);
    sb.append('?');
    Map<String, String[]> map
          = new HashMap<String, String[]>(req.getParameterMap());

    // Append the parameters to the URL
    for (String key : map.keySet()) {
        String[] values = map.get(key);
        for (String value : values) {
            sb.append(key).append('=').append(value).append('&');
        }
    }
    // Remove the last '&'
    sb.deleteCharAt(sb.length() - 1);

    return sb.toString();




------------------------------------------------------------------------------
This SF.net email is sponsored by Windows:

Build for Windows Store.

http://p.sf.net/sfu/windows-dev2dev
_______________________________________________
Stripes-users mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/stripes-users
Reply | Threaded
Open this post in threaded view
|

Clean Urls and Redirection

Iwao AVE!
Hi Joshua,

If your security interceptor captures the request before forwarding to the login page, it would be easier to build the requested URL by calling these methods of HttpServletRequest.

* getServletPath();
* getPathInfo();
* getQueryString();

Regards,
Iwao

2013/6/19 Joshua Chaitin-Pollak <<a href="javascript:;" onclick="_e(event, &#39;cvml&#39;, &#39;josh@assuredlabor.com&#39;)">josh@...>:
> Hello,
>
> I am using the StripesStuff J2EESecurityManager and the @RolesAllowed
> annotation.
>
> When a user who fails the roles test hits a restricted page, our security
> manager class intercepts the call, gets the called URL from our
> ActionBeanContext class and stores it in the FlashScope, then returns a
> ForwardResolution to our Login page.
>
> This process works great, except when we intercept a clean URL. In that
> case, when our custom ActionBeanContext class computes the last URL, it
> ends up including the clean-URL arguments as request parameters, so
> what used to be:
>
> /api/user/1345/document/1235
>
> becomes:
>
> /api/user/14/document/35?user=14&document=35
>
> which is functionally correct, but not really attractive. Since some of the
> pages are single page apps with anchor tags, I'd really like to keep the URLs
> clean.
>
> It seems that by the time the SecurityManager has intercepted the call, the
> clean url parameters have been extracted and placed into the request
> parameters.
>
> Is there a way for us to either intercept the call before the clean url
> parameters are added to the request, or alternatively is there a way to
> differentiate between clean url parameters and regular parameters?
>
> Our ActionBeanContext has a .getLastUrl() function that does something
> like this:
>
>     StringBuilder sb = new StringBuilder();
>     String uri =
>         (String) req.getAttribute("javax.servlet.forward.request_uri");
>     sb.append(uri);
>     sb.append('?');
>     Map<String, String[]> map
>           = new HashMap<String, String[]>(req.getParameterMap());
>
>     // Append the parameters to the URL
>     for (String key : map.keySet()) {
>         String[] values = map.get(key);
>         for (String value : values) {
>             sb.append(key).append('=').append(value).append('&');
>         }
>     }
>     // Remove the last '&'
>     sb.deleteCharAt(sb.length() - 1);
>
>     return sb.toString();
>
>
>
>
> ------------------------------------------------------------------------------
> This SF.net email is sponsored by Windows:
>
> Build for Windows Store.
>
> http://p.sf.net/sfu/windows-dev2dev
> _______________________________________________
> Stripes-users mailing list
> <a href="javascript:;" onclick="_e(event, &#39;cvml&#39;, &#39;Stripes-users@lists.sourceforge.net&#39;)">Stripes-users@...
> https://lists.sourceforge.net/lists/listinfo/stripes-users


------------------------------------------------------------------------------
This SF.net email is sponsored by Windows:

Build for Windows Store.

http://p.sf.net/sfu/windows-dev2dev
_______________________________________________
Stripes-users mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/stripes-users