[Stripes-users] Clean Urls and Redirection

Tue, 18 Jun 2013 13:22:45 -0700 

Hello,

I am using the StripesStuff J2EESecurityManager and the @RolesAllowed
annotation. 

When a user who fails the roles test hits a restricted page, our security 
manager class intercepts the call, gets the called URL from our 
ActionBeanContext class and stores it in the FlashScope, then returns a 
ForwardResolution to our Login page.

This process works great, except when we intercept a clean URL. In that
case, when our custom ActionBeanContext class computes the last URL, it
ends up including the clean-URL arguments as request parameters, so 
what used to be:

/api/user/1345/document/1235

becomes:

/api/user/14/document/35?user=14&document=35

which is functionally correct, but not really attractive. Since some of the
pages are single page apps with anchor tags, I'd really like to keep the URLs
clean.

It seems that by the time the SecurityManager has intercepted the call, the 
clean url parameters have been extracted and placed into the request 
parameters.

Is there a way for us to either intercept the call before the clean url
parameters are added to the request, or alternatively is there a way to
differentiate between clean url parameters and regular parameters?

Our ActionBeanContext has a .getLastUrl() function that does something 
like this:

    StringBuilder sb = new StringBuilder();
    String uri = 
        (String) req.getAttribute("javax.servlet.forward.request_uri");
    sb.append(uri);
    sb.append('?');
    Map<String, String[]> map 
          = new HashMap<String, String[]>(req.getParameterMap());

    // Append the parameters to the URL
    for (String key : map.keySet()) {
        String[] values = map.get(key);
        for (String value : values) {
            sb.append(key).append('=').append(value).append('&');
        }
    }
    // Remove the last '&'
    sb.deleteCharAt(sb.length() - 1);

    return sb.toString();




------------------------------------------------------------------------------
This SF.net email is sponsored by Windows:

Build for Windows Store.

http://p.sf.net/sfu/windows-dev2dev
_______________________________________________
Stripes-users mailing list
Stripes-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/stripes-users

Reply via email to