Class URLWhiteListHelper


  • public class URLWhiteListHelper
    extends java.lang.Object
    • Method Summary

      Modifier and Type Method Description
      static boolean isSameOrigin(java.net.URI uri, javax.servlet.http.HttpServletRequest request)
      Validates that the URL is the same origin as the request.
      static boolean isValidDomains(java.net.URI uri)
      Validates that the uri has a valid domain according to the whitelist.
      static boolean isValidProtocol(java.net.URI uri)
      Validates that the uri has a valid protocol according to the whitelist.
      static boolean isValidRedirect(java.lang.String location, javax.servlet.http.HttpServletRequest request)
      Validates that the URL string is a valid redirect URL.
      • Methods inherited from class java.lang.Object

        clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
    • Method Detail

      • isValidDomains

        public static boolean isValidDomains(java.net.URI uri)
        Validates that the uri has a valid domain according to the whitelist.
        Parameters:
        uri - a URI representing a uri
        Returns:
        true if RedirectResponseFilter is commented out in WEB-INF\web.xml, or domains equals "*", or domains contains the uri's host or *.uri, or the uri is a relative uri.
      • isValidProtocol

        public static boolean isValidProtocol(java.net.URI uri)
        Validates that the uri has a valid protocol according to the whitelist.
        Parameters:
        uri - a URI representing a uri
        Returns:
        true if RedirectResponseFilter is commented out in WEB-INF\web.xml, or allowedProtocols equals "*", or allowedProtocols contains the uri's scheme, or the uri is a relative uri.
      • isSameOrigin

        public static boolean isSameOrigin(java.net.URI uri,
                                           javax.servlet.http.HttpServletRequest request)
        Validates that the URL is the same origin as the request.
        Parameters:
        uri - a URI representing a URL
        request - the HttpServletRequest representing the request
        Returns:
        true if the redirect URL has both the same protocol and the same domain as the request.
      • isValidRedirect

        public static boolean isValidRedirect(java.lang.String location,
                                              javax.servlet.http.HttpServletRequest request)
        Validates that the URL string is a valid redirect URL.
        Parameters:
        location - a String representing a URL
        request - an HttpServletRequest representing the HTTP request
        Returns:
        true if the whitelist is disabled in web.xml, or the whitelist is enabled and the URL has a valid protocol and a valid domain, or the redirect URL is the same origin as the request, or the uri is a relative uri.
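
The checks that isValidRedirect documents, sketched as an added example that is not the library's source: the class name, the whitelist values, and passing the request's scheme and host as strings instead of an HttpServletRequest are assumptions. It counts a URI as relative only when it has neither a scheme nor an authority, so a network-path reference such as //other.test/x is still checked against the whitelist.

```java
import java.net.URI;
import java.net.URISyntaxException;
import java.util.Locale;
import java.util.Set;

// Added illustration; class name and whitelist values are hypothetical.
public class RedirectCheckExample {
    // Constructed values; the documented class takes its settings from WEB-INF\web.xml.
    static final Set<String> PROTOCOLS = Set.of("https");
    static final Set<String> DOMAINS = Set.of("example.com", "*.example.org");

    // "//host/path" has no scheme but does name a host, so it is not relative here.
    static boolean isRelative(URI uri) {
        return uri.getScheme() == null && uri.getRawAuthority() == null;
    }

    static boolean domainAllowed(String host) {
        if (host == null) return false;
        String h = host.toLowerCase(Locale.ROOT);
        for (String d : DOMAINS) {
            if (d.equals("*") || d.equals(h)) return true;
            // "*.example.org" matches subdomains only, compared on a label boundary.
            if (d.startsWith("*.") && h.endsWith(d.substring(1))) return true;
        }
        return false;
    }

    static boolean sameOrigin(URI uri, String reqScheme, String reqHost) {
        return reqScheme.equalsIgnoreCase(uri.getScheme()) && reqHost.equalsIgnoreCase(uri.getHost());
    }

    static boolean isValidRedirect(String location, String reqScheme, String reqHost) {
        URI uri;
        try {
            uri = new URI(location);
        } catch (URISyntaxException e) {
            return false; // unparseable input (for example one containing a backslash) is rejected
        }
        if (isRelative(uri) || sameOrigin(uri, reqScheme, reqHost)) return true;
        String scheme = uri.getScheme();
        return scheme != null && PROTOCOLS.contains(scheme.toLowerCase(Locale.ROOT)) && domainAllowed(uri.getHost());
    }

    public static void main(String[] args) {
        String[] samples = { "/home", "https://example.com/a", "https://a.example.org/",
                "http://example.com/", "//other.test/x", "https://other.test/", "ftp://example.com/f" };
        for (String s : samples)
            System.out.println(s + " -> " + isValidRedirect(s, "https", "app.internal.test"));
    }
}
```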