/**
 * Serializes the restorable parts of a saved request into a byte array using Java object
 * serialization.
 *
 * <p>The fields are written in a fixed order: body, content type, headers, locales, method,
 * query string, request URI and decoded request URI. Cookies and parameters are not written.
 * Because the values are written back to back on one {@link ObjectOutputStream}, a reader has
 * to consume them in exactly this order.
 *
 * <p>NOTE(review): the output contains the request body and the headers as returned by
 * {@code getHeaders}, which may carry credentials or tokens. Confirm that wherever these bytes
 * are stored is access-controlled, and that the matching reader only deserializes bytes that
 * come from that trusted store.
 *
 * @param obj the saved request to serialize; cast to {@code SavedRequest}, may be {@code null}
 * @return the serialized bytes, or {@code null} if {@code obj} is {@code null}
 * @throws IllegalArgumentException if writing any of the fields fails with an
 *         {@link IOException}
 * @throws ClassCastException if {@code obj} is not a {@code SavedRequest}
 */
private static byte[] serializeSavedRequest( final Object obj ) {
    if ( obj == null ) {
        return null;
    }

    final SavedRequest saved = (SavedRequest) obj;
    ByteArrayOutputStream buffer = null;
    ObjectOutputStream out = null;
    try {
        buffer = new ByteArrayOutputStream();
        out = new ObjectOutputStream( buffer );

        out.writeObject( saved.getBody() );
        out.writeObject( saved.getContentType() );
        // Cookies not cloneable... omit for now - oos.writeObject(newArrayList(savedRequest.getCookies()));
        out.writeObject( getHeaders( saved ) );
        out.writeObject( newArrayList( saved.getLocales() ) );
        out.writeObject( saved.getMethod() );
        // obj.getParameters() are not used in tc6 and not existing in tc7
        // -> we omit them here
        out.writeObject( saved.getQueryString() );
        out.writeObject( saved.getRequestURI() );
        out.writeObject( saved.getDecodedRequestURI() );

        // Push everything into the byte buffer before taking the snapshot.
        out.flush();
        return buffer.toByteArray();
    } catch ( final IOException e ) {
        throw new IllegalArgumentException( "Non-serializable object", e );
    } finally {
        closeSilently( buffer );
        closeSilently( out );
    }
}
/**
 * Decides whether this request belongs to a form-login exchange that is already in progress.
 *
 * <p>Two cases yield {@code true}: the decoded URI lies under the context path and ends with
 * {@code Constants.FORM_ACTION}, or the session holds a saved request whose decoded URI equals
 * the decoded URI of this request. Only the decoded URI is compared in the second case.
 *
 * <p>NOTE(review): the decoded URI is dereferenced without a null check; confirm that
 * {@code getDecodedRequestURI()} cannot return {@code null} on this path.
 *
 * @param request the request being processed
 * @return {@code true} if either case above applies, otherwise {@code false}
 */
@Override
protected boolean isContinuationRequired(Request request) {
    // Special handling for form-based logins to deal with the case
    // where the login form (and therefore the "j_security_check" URI
    // to which it submits) might be outside the secured area
    final String basePath = this.context.getPath();
    final String requestedUri = request.getDecodedRequestURI();
    final boolean isLoginSubmission =
            requestedUri.startsWith(basePath) && requestedUri.endsWith(Constants.FORM_ACTION);
    if (isLoginSubmission) {
        return true;
    }

    // Special handling for form-based logins to deal with the case where
    // a resource is protected for some HTTP methods but not protected for
    // GET which is used after authentication when redirecting to the
    // protected resource.
    // TODO: This is similar to the FormAuthenticator.matchRequest() logic
    // Is there a way to remove the duplication?
    final Session existing = request.getSessionInternal(false);
    if (existing == null) {
        return false;
    }
    final SavedRequest saved = (SavedRequest) existing.getNote(Constants.FORM_REQUEST_NOTE);
    return saved != null && requestedUri.equals(saved.getDecodedRequestURI());
}
/**
 * Writes the fields of a saved request that are needed to restore it into a byte array, using
 * Java object serialization.
 *
 * <p>Write order: body, content type, headers, locales, method, query string, request URI,
 * decoded request URI. Cookies and parameters are skipped. The values share a single
 * {@link ObjectOutputStream}, so they must be read back in the same order.
 *
 * <p>NOTE(review): the request body and headers end up in the output and may include
 * credentials or tokens. Verify that the place these bytes are persisted is protected and that
 * they are only ever deserialized from that trusted location.
 *
 * @param obj the saved request; cast to {@code SavedRequest}, may be {@code null}
 * @return the serialized form, or {@code null} when {@code obj} is {@code null}
 * @throws IllegalArgumentException if an {@link IOException} occurs while writing
 * @throws ClassCastException if {@code obj} is not a {@code SavedRequest}
 */
private static byte[] serializeSavedRequest( final Object obj ) {
    if ( obj == null ) {
        return null;
    }

    final SavedRequest source = (SavedRequest) obj;
    ByteArrayOutputStream bytes = null;
    ObjectOutputStream objects = null;
    try {
        bytes = new ByteArrayOutputStream();
        objects = new ObjectOutputStream( bytes );

        objects.writeObject( source.getBody() );
        objects.writeObject( source.getContentType() );
        // Cookies not cloneable... omit for now - oos.writeObject(newArrayList(savedRequest.getCookies()));
        objects.writeObject( getHeaders( source ) );
        objects.writeObject( newArrayList( source.getLocales() ) );
        objects.writeObject( source.getMethod() );
        // obj.getParameters() are not used in tc6 and not existing in tc7
        // -> we omit them here
        objects.writeObject( source.getQueryString() );
        objects.writeObject( source.getRequestURI() );
        objects.writeObject( source.getDecodedRequestURI() );

        // Flush first so the byte array holds every written value.
        objects.flush();
        return bytes.toByteArray();
    } catch ( final IOException e ) {
        throw new IllegalArgumentException( "Non-serializable object", e );
    } finally {
        closeSilently( bytes );
        closeSilently( objects );
    }
}
/**
 * Reports whether the request is part of an ongoing form-based login.
 *
 * <p>Returns {@code true} when the decoded URI starts with the context path and ends with
 * {@code Constants.FORM_ACTION}, or when the session stores a saved request with the same
 * decoded URI. The second check compares the decoded URI only.
 *
 * <p>NOTE(review): there is no null check on the decoded URI before it is used; confirm that
 * {@code getDecodedRequestURI()} never returns {@code null} here.
 *
 * @param request the request being processed
 * @return {@code true} if one of the two conditions holds, otherwise {@code false}
 */
@Override
protected boolean isContinuationRequired(Request request) {
    // Special handling for form-based logins to deal with the case
    // where the login form (and therefore the "j_security_check" URI
    // to which it submits) might be outside the secured area
    String ctxPath = this.context.getPath();
    String uri = request.getDecodedRequestURI();
    if (uri.startsWith(ctxPath)) {
        if (uri.endsWith(Constants.FORM_ACTION)) {
            return true;
        }
    }

    // Special handling for form-based logins to deal with the case where
    // a resource is protected for some HTTP methods but not protected for
    // GET which is used after authentication when redirecting to the
    // protected resource.
    // TODO: This is similar to the FormAuthenticator.matchRequest() logic
    // Is there a way to remove the duplication?
    boolean matchesSaved = false;
    Session current = request.getSessionInternal(false);
    if (current != null) {
        SavedRequest stored = (SavedRequest) current.getNote(Constants.FORM_REQUEST_NOTE);
        matchesSaved = stored != null && uri.equals(stored.getDecodedRequestURI());
    }
    return matchesSaved;
}
/**
 * Checks whether this request is the redirect that was signalled after a successful
 * authentication, i.e. whether it matches the request saved in the session.
 *
 * <p>A match requires an existing session, a saved request note, a saved principal note, and
 * a decoded request URI equal to the saved one. Only the decoded URI is compared.
 *
 * @param request The request to be verified
 * @return {@code true} if all conditions hold, otherwise {@code false}
 */
protected boolean matchRequest(Request request) {
    // No session is created here; an absent session cannot hold a saved request.
    final Session session = request.getSessionInternal(false);
    if (session == null) {
        return false;
    }

    // Both the saved request and the saved principal have to be present.
    final SavedRequest saved = (SavedRequest) session.getNote(Constants.FORM_REQUEST_NOTE);
    if (saved == null || session.getNote(Constants.FORM_PRINCIPAL_NOTE) == null) {
        return false;
    }

    // Finally compare the decoded URIs.
    final String requestedUri = request.getDecodedRequestURI();
    return requestedUri != null && requestedUri.equals(saved.getDecodedRequestURI());
}
/**
 * Determines whether this request matches the saved one, meaning it is the redirect that was
 * signaled after successful authentication.
 *
 * <p>The session must already exist and must hold both a saved request and a saved principal.
 * The comparison itself covers the decoded request URI only.
 *
 * @param request The request to be verified
 * @return <code>true</code> if the request matched the saved one
 */
protected boolean matchRequest(Request request) {
    boolean matched = false;

    // Look up the session without creating one.
    Session existing = request.getSessionInternal(false);
    if (existing != null) {
        SavedRequest stored = (SavedRequest) existing.getNote(Constants.FORM_REQUEST_NOTE);
        // The principal note is only consulted once a saved request was found.
        boolean loginCompleted =
                stored != null && existing.getNote(Constants.FORM_PRINCIPAL_NOTE) != null;
        if (loginCompleted) {
            String uri = request.getDecodedRequestURI();
            matched = uri != null && uri.equals(stored.getDecodedRequestURI());
        }
    }
    return matched;
}
/**
 * Tells whether this request is the post-authentication redirect, i.e. whether it matches the
 * request that was saved in the session.
 *
 * <p>Requires an existing session that holds a saved request and a saved principal. Matching
 * is done on the decoded request URI alone.
 *
 * @param request The request to be verified
 * @return {@code true} if the request matches the saved one, otherwise {@code false}
 */
protected boolean matchRequest(Request request) {
    // Has a session been created?
    final Session sess = request.getSessionInternal(false);
    if (sess == null) {
        return false;
    }

    // Is there a saved request?
    final Object requestNote = sess.getNote(Constants.FORM_REQUEST_NOTE);
    final SavedRequest savedRequest = (SavedRequest) requestNote;
    if (savedRequest == null) {
        return false;
    }

    // Is there a saved principal?
    final Object principalNote = sess.getNote(Constants.FORM_PRINCIPAL_NOTE);
    if (principalNote == null) {
        return false;
    }

    // Does the request URI match?
    final String decoded = request.getDecodedRequestURI();
    return decoded == null ? false : decoded.equals(savedRequest.getDecodedRequestURI());
}
/**
 * Verifies that this request corresponds to the saved request, so that it must be the redirect
 * signaled after successful authentication.
 *
 * <p>The session, the saved request note and the saved principal note must all be present.
 * The decoded request URI is the only request attribute that is compared.
 *
 * @param request The request to be verified
 * @return {@code true} if the decoded URI equals that of the saved request and the session
 *         holds a saved principal, otherwise {@code false}
 */
protected boolean matchRequest(Request request) {
    final Session session = request.getSessionInternal(false);
    if (session != null) {
        final SavedRequest original =
                (SavedRequest) session.getNote(Constants.FORM_REQUEST_NOTE);
        if (original != null) {
            // A saved principal shows that the login step has already completed.
            if (session.getNote(Constants.FORM_PRINCIPAL_NOTE) != null) {
                final String currentUri = request.getDecodedRequestURI();
                if (currentUri != null) {
                    return currentUri.equals(original.getDecodedRequestURI());
                }
            }
        }
    }
    // Missing session, note, principal or URI: not the saved request.
    return false;
}
/**
 * Answers whether this request matches the saved one, in which case it must be the redirect
 * signaled after successful authentication.
 *
 * <p>Preconditions for a match: a session exists, it holds a saved request, and it holds a
 * saved principal. The match is then decided by the decoded request URI only.
 *
 * @param request The request to be verified
 * @return <code>true</code> if the request matched the saved one
 */
protected boolean matchRequest(Request request) {
    // The session is looked up without being created.
    final Session session = request.getSessionInternal(false);
    if (session == null) {
        return false;
    }

    final SavedRequest pending = (SavedRequest) session.getNote(Constants.FORM_REQUEST_NOTE);
    final boolean hasPending = pending != null;
    // The principal note is read only when a saved request exists.
    if (!hasPending || session.getNote(Constants.FORM_PRINCIPAL_NOTE) == null) {
        return false;
    }

    final String incomingUri = request.getDecodedRequestURI();
    if (incomingUri == null) {
        return false;
    }
    return incomingUri.equals(pending.getDecodedRequestURI());
}
if (decodedRequestURI != null && decodedRequestURI.equals( savedRequest.getDecodedRequestURI())) { if (!authenticate(request, response)) { if (log.isDebugEnabled()) {