DefaultRedirectPolicy (Atlassian Seraph 2.6.1-SNAPSHOT API)

Overview

Package

Class

Use

Tree

Deprecated

Index

Help

PREV CLASS NEXT CLASS

FRAMES NO FRAMES

SUMMARY: NESTED | FIELD | CONSTR | METHOD

DETAIL: FIELD | CONSTR | METHOD

com.atlassian.seraph.config
Class DefaultRedirectPolicy

java.lang.Object
  com.atlassian.seraph.config.DefaultRedirectPolicy

All Implemented Interfaces:: RedirectPolicy, Initable

public class DefaultRedirectPolicy
extends Object
implements RedirectPolicy
extends Object
implements RedirectPolicy

Constructor Summary
`DefaultRedirectPolicy()`

Method Summary
`boolean`	`allowedRedirectDestination(String redirectUrl, javax.servlet.http.HttpServletRequest request)` Checks if the given redirectURL is permitted.
`void`	`init(Map<String,String> params, SecurityConfig config)` Initialise the configuration object with the given "init-params".
`boolean`	`isAllowAnyUrl()` Returns true if we allow redirect to any URL at all.

Methods inherited from class java.lang.Object
`clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait`

Constructor Detail

DefaultRedirectPolicy

public DefaultRedirectPolicy()

Method Detail

init

public void init(Map<String,String> params,
                 SecurityConfig config)

Description copied from interface: Initable

Initialise the configuration object with the given "init-params".

Specified by:: init in interface Initable

Parameters:: params - The map of "init-params" extracted from the Seraph config file. This is guaranteed not null.; config - The Seraph SecurityConfig class that is initialising the config objects. This object will only be partially initialised at this time.

isAllowAnyUrl

public boolean isAllowAnyUrl()

Returns true if we allow redirect to any URL at all. By default this is false, however it may be configured to true in the Seraph config file to allow legacy behaviour.

Returns:: true if we allow redirect to any URL at all.

allowedRedirectDestination

public boolean allowedRedirectDestination(String redirectUrl,
                                          javax.servlet.http.HttpServletRequest request)

Checks if the given redirectURL is permitted.

Uses the configured redirect rules to see if we are allowed to redirect to the given URL. By default, the following is allowed:

Any relative URL
An absolute URL to the same context path as the current incoming request

You can configure this "security-policy" in the Seraph XML config file. eg:

  <redirect-policy class="com.atlassian.seraph.config.SimpleRedirectPolicy">
    <init-param>
      <param-name>allow.any.redirect.url</param-name>
      <param-value>true</param-value>
    </init-param>
  </redirect-policy>

Specified by:: allowedRedirectDestination in interface RedirectPolicy

Parameters:: redirectUrl - Requested redirect URL to be verified.; request - The current incoming request.
Returns:: true if this redirectURL is allowed.