public abstract class SaveContextOnUpdateOrErrorResponseWrapper
extends javax.servlet.http.HttpServletResponseWrapper
SecurityContext when a sendError(), sendRedirect,
getOutputStream().close(), getOutputStream().flush(), getWriter().close(), or
getWriter().flush() happens. See issue SEC-398 and SEC-2005.
Sub-classes should implement the saveContext(SecurityContext context) method.
Support is also provided for disabling URL rewriting
SC_ACCEPTED, SC_BAD_GATEWAY, SC_BAD_REQUEST, SC_CONFLICT, SC_CONTINUE, SC_CREATED, SC_EXPECTATION_FAILED, SC_FORBIDDEN, SC_FOUND, SC_GATEWAY_TIMEOUT, SC_GONE, SC_HTTP_VERSION_NOT_SUPPORTED, SC_INTERNAL_SERVER_ERROR, SC_LENGTH_REQUIRED, SC_METHOD_NOT_ALLOWED, SC_MOVED_PERMANENTLY, SC_MOVED_TEMPORARILY, SC_MULTIPLE_CHOICES, SC_NO_CONTENT, SC_NON_AUTHORITATIVE_INFORMATION, SC_NOT_ACCEPTABLE, SC_NOT_FOUND, SC_NOT_IMPLEMENTED, SC_NOT_MODIFIED, SC_OK, SC_PARTIAL_CONTENT, SC_PAYMENT_REQUIRED, SC_PRECONDITION_FAILED, SC_PROXY_AUTHENTICATION_REQUIRED, SC_REQUEST_ENTITY_TOO_LARGE, SC_REQUEST_TIMEOUT, SC_REQUEST_URI_TOO_LONG, SC_REQUESTED_RANGE_NOT_SATISFIABLE, SC_RESET_CONTENT, SC_SEE_OTHER, SC_SERVICE_UNAVAILABLE, SC_SWITCHING_PROTOCOLS, SC_TEMPORARY_REDIRECT, SC_UNAUTHORIZED, SC_UNSUPPORTED_MEDIA_TYPE, SC_USE_PROXY| Constructor and Description |
|---|
SaveContextOnUpdateOrErrorResponseWrapper(javax.servlet.http.HttpServletResponse response,
boolean disableUrlRewriting) |
| Modifier and Type | Method and Description |
|---|---|
String |
encodeRedirectUrl(String url) |
String |
encodeRedirectURL(String url) |
String |
encodeUrl(String url) |
String |
encodeURL(String url) |
void |
flushBuffer()
Makes sure the context is stored before calling the
superclass
flushBuffer() |
javax.servlet.ServletOutputStream |
getOutputStream()
Makes sure the context is stored before calling
getOutputStream().close() or
getOutputStream().flush() |
PrintWriter |
getWriter()
Makes sure the context is stored before calling
getWriter().close() or
getWriter().flush() |
boolean |
isContextSaved()
Tells if the response wrapper has called
saveContext() because of this wrapper. |
protected abstract void |
saveContext(SecurityContext context)
Implements the logic for storing the security context.
|
void |
sendError(int sc)
Makes sure the session is updated before calling the
superclass
sendError() |
void |
sendError(int sc,
String msg)
Makes sure the session is updated before calling the
superclass
sendError() |
void |
sendRedirect(String location)
Makes sure the context is stored before calling the
superclass
sendRedirect() |
addCookie, addDateHeader, addHeader, addIntHeader, containsHeader, setDateHeader, setHeader, setIntHeader, setStatus, setStatusgetBufferSize, getCharacterEncoding, getContentType, getLocale, getResponse, isCommitted, reset, resetBuffer, setBufferSize, setCharacterEncoding, setContentLength, setContentType, setLocale, setResponsepublic SaveContextOnUpdateOrErrorResponseWrapper(javax.servlet.http.HttpServletResponse response,
boolean disableUrlRewriting)
response - the response to be wrappeddisableUrlRewriting - turns the URL encoding methods into null operations, preventing the use
of URL rewriting to add the session identifier as a URL parameter.protected abstract void saveContext(SecurityContext context)
context - the SecurityContext instance to storepublic final void sendError(int sc)
throws IOException
sendError()sendError in interface javax.servlet.http.HttpServletResponsesendError in class javax.servlet.http.HttpServletResponseWrapperIOExceptionpublic final void sendError(int sc,
String msg)
throws IOException
sendError()sendError in interface javax.servlet.http.HttpServletResponsesendError in class javax.servlet.http.HttpServletResponseWrapperIOExceptionpublic final void sendRedirect(String location) throws IOException
sendRedirect()sendRedirect in interface javax.servlet.http.HttpServletResponsesendRedirect in class javax.servlet.http.HttpServletResponseWrapperIOExceptionpublic javax.servlet.ServletOutputStream getOutputStream()
throws IOException
getOutputStream().close() or
getOutputStream().flush()getOutputStream in interface javax.servlet.ServletResponsegetOutputStream in class javax.servlet.ServletResponseWrapperIOExceptionpublic PrintWriter getWriter() throws IOException
getWriter().close() or
getWriter().flush()getWriter in interface javax.servlet.ServletResponsegetWriter in class javax.servlet.ServletResponseWrapperIOExceptionpublic void flushBuffer()
throws IOException
flushBuffer()flushBuffer in interface javax.servlet.ServletResponseflushBuffer in class javax.servlet.ServletResponseWrapperIOExceptionpublic final String encodeRedirectUrl(String url)
encodeRedirectUrl in interface javax.servlet.http.HttpServletResponseencodeRedirectUrl in class javax.servlet.http.HttpServletResponseWrapperpublic final String encodeRedirectURL(String url)
encodeRedirectURL in interface javax.servlet.http.HttpServletResponseencodeRedirectURL in class javax.servlet.http.HttpServletResponseWrapperpublic final String encodeUrl(String url)
encodeUrl in interface javax.servlet.http.HttpServletResponseencodeUrl in class javax.servlet.http.HttpServletResponseWrapperpublic final String encodeURL(String url)
encodeURL in interface javax.servlet.http.HttpServletResponseencodeURL in class javax.servlet.http.HttpServletResponseWrapperpublic final boolean isContextSaved()
saveContext() because of this wrapper.