
tessl/maven-org-apache-shiro--shiro-web

Web support module for Apache Shiro providing servlet filters, session management, and web-specific authentication and authorization features



Web Utilities

Utility classes for common web operations in Apache Shiro including request handling, path resolution, redirect management, request saving/restoration, and servlet request/response type conversion. These utilities simplify common web security tasks.

Capabilities

WebUtils Class

// API summary only: signatures are listed without bodies, so every behavioural note
// below that goes beyond the signature is marked NOTE(review) and should be confirmed
// against the Shiro version actually deployed.
class WebUtils {
    /**
     * Returns the path within the application for the given request.
     *
     * NOTE(review): if this value feeds an access decision, it must be normalized the
     * same way the servlet container / MVC framework normalizes the path it dispatches
     * on; a mismatch between the two is a classic authorization-bypass source.
     *
     * @param request the HTTP servlet request
     * @return the path within the application
     */
    public static String getPathWithinApplication(HttpServletRequest request);
    
    /**
     * Returns the context path for the given request.
     *
     * @param request the HTTP servlet request
     * @return the context path
     */
    public static String getContextPath(HttpServletRequest request);
    
    /**
     * Retrieves the WebEnvironment from the ServletContext.
     *
     * @param servletContext the servlet context
     * @return the WebEnvironment instance
     */
    public static WebEnvironment getWebEnvironment(ServletContext servletContext);
    
    /**
     * Issues a redirect to the specified URL.
     *
     * NOTE(review): {@code url} ends up in the response's redirect target. When any part
     * of it is derived from request data, validate it against an allow-list of local
     * paths first, otherwise the call becomes an open redirect.
     *
     * @param request the servlet request
     * @param response the servlet response
     * @param url the URL to redirect to
     * @throws IOException if redirect fails
     */
    public static void issueRedirect(ServletRequest request, ServletResponse response, String url) throws IOException;
    
    /**
     * Issues a redirect with query parameters.
     *
     * NOTE(review): {@code contextRelative} presumably only prefixes the context path to
     * URLs that start with "/" - confirm. If so, an absolute URL passed here is still
     * redirected to as-is, so the flag is not a substitute for validating {@code url}.
     *
     * @param request the servlet request
     * @param response the servlet response
     * @param url the URL to redirect to
     * @param queryParams query parameters to append
     * @param contextRelative whether URL is context-relative
     * @param http10Compatible whether to use HTTP 1.0 compatible redirect
     * @throws IOException if redirect fails
     */
    public static void issueRedirect(ServletRequest request, ServletResponse response, String url, 
                                   Map<String, ?> queryParams, boolean contextRelative, boolean http10Compatible) 
                                   throws IOException;
    
    /**
     * Saves the current request for later restoration.
     *
     * NOTE(review): presumably stored in the Subject's session, creating one if needed -
     * confirm. If so, unauthenticated traffic that reaches this call allocates sessions,
     * which matters for session-store sizing and rate limiting.
     *
     * @param request the servlet request to save
     */
    public static void saveRequest(ServletRequest request);
    
    /**
     * Retrieves a previously saved request.
     *
     * @param request the current servlet request
     * @return the saved request or null if none exists
     */
    public static SavedRequest getSavedRequest(ServletRequest request);
    
    /**
     * Retrieves and clears a previously saved request.
     *
     * @param request the current servlet request
     * @return the saved request or null if none exists
     */
    public static SavedRequest getAndClearSavedRequest(ServletRequest request);
    
    /**
     * Redirects to a previously saved request.
     *
     * NOTE(review): upstream Shiro appears to replay only saved GET requests and to use
     * {@code fallbackUrl} for everything else - confirm for your version. Keep
     * {@code fallbackUrl} a fixed, application-chosen path rather than request input.
     *
     * @param request the servlet request
     * @param response the servlet response
     * @param fallbackUrl URL to redirect to if no saved request exists
     * @throws IOException if redirect fails
     */
    public static void redirectToSavedRequest(ServletRequest request, ServletResponse response, String fallbackUrl) 
                                            throws IOException;
    
    /**
     * Converts a ServletRequest to HttpServletRequest.
     *
     * NOTE(review): presumably a plain cast - confirm; guard with {@code isHttp} when the
     * request type is not already known to be HTTP.
     *
     * @param request the servlet request
     * @return the HTTP servlet request
     */
    public static HttpServletRequest toHttp(ServletRequest request);
    
    /**
     * Converts a ServletResponse to HttpServletResponse.
     *
     * @param response the servlet response
     * @return the HTTP servlet response
     */
    public static HttpServletResponse toHttp(ServletResponse response);
    
    /**
     * Returns whether the request is an HTTP request.
     *
     * @param request the servlet request
     * @return true if request is HTTP
     */
    public static boolean isHttp(ServletRequest request);
}

SavedRequest Class

// API summary only (no method bodies are shown).
// NOTE(review): upstream Shiro's SavedRequest is believed to expose getMethod(),
// getQueryString(), getRequestURI() and getRequestUrl(); verify that getRequestURL(),
// getParameterMap(), getHeaders() and getLocales() as listed here exist in the Shiro
// version in use before relying on them.
// The class is Serializable, so whatever it captures can be persisted or replicated with
// the session that holds it; treat captured query strings (and headers or parameters, if
// present) as potentially sensitive when choosing a session store.
class SavedRequest implements Serializable {
    /**
     * Creates a SavedRequest from the given HTTP request.
     *
     * @param request the HTTP servlet request to save
     */
    public SavedRequest(HttpServletRequest request);
    
    /**
     * Returns the HTTP method of the saved request.
     *
     * @return the HTTP method (GET, POST, etc.)
     */
    public String getMethod();
    
    /**
     * Returns the query string of the saved request.
     *
     * The value originates from the client; encode it before echoing it into HTML or logs.
     *
     * @return the query string
     */
    public String getQueryString();
    
    /**
     * Returns the request URI of the saved request.
     *
     * @return the request URI
     */
    public String getRequestURI();
    
    /**
     * Returns the request URL of the saved request.
     *
     * @return the request URL
     */
    public String getRequestURL();
    
    /**
     * Returns the parameter map of the saved request.
     *
     * @return Map of parameter names to value arrays
     */
    public Map<String, String[]> getParameterMap();
    
    /**
     * Returns the headers of the saved request.
     *
     * NOTE(review): if headers really are captured, they may include Cookie or
     * Authorization values - confirm what is stored before logging or exposing this map.
     *
     * @return Map of header names to value lists
     */
    public Map<String, List<String>> getHeaders();
    
    /**
     * Returns the locales of the saved request.
     *
     * @return List of Locale objects
     */
    public List<Locale> getLocales();
}

RequestPairSource Interface

/**
 * Exposes the servlet request/response pair associated with an object, so that code
 * holding only the implementing object can still reach both.
 */
interface RequestPairSource {
    /**
     * Returns the servlet request.
     *
     * @return the ServletRequest instance
     */
    ServletRequest getServletRequest();
    
    /**
     * Returns the servlet response.
     *
     * @return the ServletResponse instance
     */
    ServletResponse getServletResponse();
}

Usage Examples

Request Saving and Restoration

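/**
 * Example controller for the save-request / redirect-after-login flow.
 *
 * <p>Both handlers call {@code WebUtils} redirect methods that declare
 * {@code IOException}, so both propagate it to the caller.
 */
public class LoginController {

    /**
     * Sends unauthenticated users to the login page and remembers what they asked for;
     * authenticated users go to their saved request or the dashboard.
     *
     * @param request  the current HTTP request
     * @param response the current HTTP response
     * @throws IOException if the redirect cannot be written
     */
    public void handleLogin(HttpServletRequest request, HttpServletResponse response)
            throws IOException {
        Subject currentUser = SecurityUtils.getSubject();

        if (!currentUser.isAuthenticated()) {
            // Remember the original request so it can be resumed after login.
            WebUtils.saveRequest(request);
            WebUtils.issueRedirect(request, response, "/login");
            return;
        }

        // Fallback is a fixed application path, never request input.
        WebUtils.redirectToSavedRequest(request, response, "/dashboard");
    }

    /**
     * Attempts a username/password login and redirects according to the outcome.
     *
     * <p>NOTE(review): Shiro is not believed to rotate the session id on login by
     * itself - confirm for your version. If session fixation is in scope, renew the
     * session around {@code login()} and carry the saved request across.
     *
     * @param request  the current HTTP request
     * @param response the current HTTP response
     * @param username the submitted principal
     * @param password the submitted credential
     * @throws IOException if the redirect cannot be written
     */
    public void processLogin(HttpServletRequest request, HttpServletResponse response,
                           String username, String password) throws IOException {
        Subject currentUser = SecurityUtils.getSubject();
        UsernamePasswordToken token = new UsernamePasswordToken(username, password);

        try {
            currentUser.login(token);
        } catch (AuthenticationException e) {
            // Generic failure flag only: do not reveal whether the user name or the
            // password was wrong, and do not echo the exception message to the client.
            WebUtils.issueRedirect(request, response, "/login?error=true");
            return;
        } finally {
            // Wipe the token's copy of the credential once the attempt is over. The
            // caller's String cannot be wiped; prefer char[] end to end where possible.
            token.clear();
        }

        // Login successful: resume the saved request, or land on the dashboard.
        WebUtils.redirectToSavedRequest(request, response, "/dashboard");
    }
}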

Path and URL Utilities

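/**
 * Example path and URL helpers built on {@code WebUtils}.
 *
 * <p>NOTE(review): this example class shares its simple name with
 * {@code org.apache.shiro.SecurityUtils}; importing both in one file will not compile
 * without a fully qualified name.
 */
public class SecurityUtils {

    /**
     * Reports whether the request targets the admin or secure area.
     *
     * <p>Treat the result as a hint (for example to pick a layout), not as the
     * authorization decision itself: string prefix checks are easy to get out of step
     * with how the container normalizes paths. Enforce access with Shiro filter chains
     * or permission checks.
     *
     * @param request the current HTTP request
     * @return true if the application path is {@code /admin}, {@code /secure}, or below either
     */
    public boolean isSecurePath(HttpServletRequest request) {
        String path = WebUtils.getPathWithinApplication(request);
        return isAtOrBelow(path, "/admin") || isAtOrBelow(path, "/secure");
    }

    /** Matches the root itself as well as anything under it, so "/admin" is not missed. */
    private static boolean isAtOrBelow(String path, String root) {
        return path.equals(root) || path.startsWith(root + "/");
    }

    /**
     * Builds an absolute URL for a context-relative path from the current request.
     *
     * <p>The host comes from {@code request.getServerName()}, which normally reflects
     * the client-supplied Host header. Do not use the result in e-mails, password-reset
     * links or cached pages unless the container or a proxy pins the host to a known
     * value; use a configured canonical base URL instead.
     *
     * @param request      the current HTTP request
     * @param relativePath path below the context path, starting with "/"
     * @return scheme, host, optional non-default port, context path and relative path
     */
    public String buildAbsoluteUrl(HttpServletRequest request, String relativePath) {
        String scheme = request.getScheme();
        int serverPort = request.getServerPort();

        boolean defaultPort = ("http".equals(scheme) && serverPort == 80)
                || ("https".equals(scheme) && serverPort == 443);
        // Mirror the original rule: the port is written only for http/https on a
        // non-default port; any other scheme gets no port.
        boolean knownScheme = "http".equals(scheme) || "https".equals(scheme);

        StringBuilder url = new StringBuilder();
        url.append(scheme).append("://").append(request.getServerName());
        if (knownScheme && !defaultPort) {
            url.append(":").append(serverPort);
        }
        url.append(WebUtils.getContextPath(request)).append(relativePath);
        return url.toString();
    }

    /**
     * Redirects a non-HTTPS request to the same resource over HTTPS.
     *
     * <p>The target is assembled directly from the request URI, which already contains
     * the context path, and keeps the query string. The port is omitted on purpose: the
     * plain-HTTP port is not a valid TLS port, so the redirect assumes HTTPS on 443;
     * deployments using another TLS port need to supply it from configuration.
     *
     * <p>Behind a TLS-terminating proxy {@code getScheme()} may always report "http";
     * make sure the container honours the proxy's forwarded-scheme header, or this
     * method will redirect in a loop. Pair the redirect with HSTS so later requests do
     * not start over plain HTTP.
     *
     * @param request  the current HTTP request
     * @param response the current HTTP response
     * @throws IOException if the redirect cannot be written
     */
    public void enforceHttps(HttpServletRequest request, HttpServletResponse response)
            throws IOException {
        if ("https".equals(request.getScheme())) {
            return;
        }

        StringBuilder httpsUrl = new StringBuilder("https://")
                .append(request.getServerName())
                .append(request.getRequestURI());
        String query = request.getQueryString();
        if (query != null) {
            httpsUrl.append('?').append(query);
        }
        WebUtils.issueRedirect(request, response, httpsUrl.toString());
    }
}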

Custom Redirect Handling

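/**
 * Example redirect helpers built on the six-argument {@code WebUtils.issueRedirect}.
 */
public class CustomRedirectHandler {

    /**
     * Redirects to {@code url} with a {@code message} query parameter.
     *
     * <p>{@code url} must be an application-chosen, context-relative path. If it can be
     * influenced by the client, check it against an allow-list of local paths before
     * calling this method; an absolute or scheme-relative ("//host") value would turn
     * the call into an open redirect. {@code message} is visible in the browser URL and
     * must be output-encoded by whatever page renders it.
     *
     * @param request  the servlet request
     * @param response the servlet response
     * @param url      context-relative redirect target
     * @param message  text passed along as the {@code message} parameter
     * @throws IOException if the redirect cannot be written
     */
    public void redirectWithMessage(ServletRequest request, ServletResponse response,
                                  String url, String message) throws IOException {
        Map<String, String> params = new HashMap<>();
        params.put("message", message);

        WebUtils.issueRedirect(request, response, url, params, true, false);
    }

    /**
     * Saves the current request and redirects to the login page with a reason code.
     *
     * <p>Pass a short fixed code as {@code reason} rather than free text or an exception
     * message: the value travels in the URL and is attacker-alterable on the way back.
     *
     * @param request  the servlet request
     * @param response the servlet response
     * @param reason   value for the {@code reason} query parameter
     * @throws IOException if the redirect cannot be written
     */
    public void redirectToLogin(ServletRequest request, ServletResponse response,
                              String reason) throws IOException {
        // Remember where the user was heading so login can resume it.
        WebUtils.saveRequest(request);

        Map<String, String> params = new HashMap<>();
        params.put("reason", reason);

        WebUtils.issueRedirect(request, response, "/login", params, true, false);
    }

    /**
     * Logs the current subject out and redirects to the home page.
     *
     * @param request  the current HTTP request
     * @param response the current HTTP response
     * @throws IOException if the redirect cannot be written
     */
    public void handleLogout(HttpServletRequest request, HttpServletResponse response)
            throws IOException {
        // Drop the saved request while the session that holds it is still reachable.
        // Done after logout() this is expected to find nothing, because logging out
        // ends the subject's session (confirm for custom SecurityManager setups).
        WebUtils.getAndClearSavedRequest(request);

        Subject currentUser = SecurityUtils.getSubject();
        currentUser.logout();

        // Fixed target, so nothing client-controlled reaches the redirect.
        WebUtils.issueRedirect(request, response, "/?logout=success");
    }
}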

Request Analysis Utilities

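/**
 * Example diagnostics helpers for inspecting a request and comparing origins.
 */
public class RequestAnalyzer {

    /**
     * Prints the request's path details and any saved request to standard output.
     *
     * <p>Intended for local debugging. URIs and query strings are client-controlled and
     * can carry session ids, tokens or reset codes, so do not leave this enabled where
     * the output is collected into shared logs. Line breaks in the printed values are
     * replaced so a crafted request cannot forge extra output lines.
     *
     * @param request the current HTTP request
     */
    public void analyzeRequest(HttpServletRequest request) {
        String path = WebUtils.getPathWithinApplication(request);
        String contextPath = WebUtils.getContextPath(request);

        System.out.println("Request Analysis:");
        System.out.println("  Context Path: " + singleLine(contextPath));
        System.out.println("  Path within App: " + singleLine(path));
        System.out.println("  Full Request URI: " + singleLine(request.getRequestURI()));
        System.out.println("  Query String: " + singleLine(request.getQueryString()));

        SavedRequest savedRequest = WebUtils.getSavedRequest(request);
        if (savedRequest == null) {
            return;
        }
        System.out.println("  Saved Request:");
        System.out.println("    Method: " + singleLine(savedRequest.getMethod()));
        System.out.println("    URI: " + singleLine(savedRequest.getRequestURI()));
        System.out.println("    Query: " + singleLine(savedRequest.getQueryString()));
    }

    /**
     * Reports whether {@code url} has the same scheme, host and port as the request.
     *
     * <p>Hosts and schemes are compared case-insensitively and an omitted port is
     * treated as the scheme's default, so {@code https://Example.org/} and
     * {@code https://example.org:443/} compare equal. The request side is derived from
     * {@code getRequestURL()}, which normally reflects the client-supplied Host header;
     * for a security decision compare against a configured origin instead.
     *
     * @param request the current HTTP request
     * @param url     the absolute URL to compare
     * @return true if both URLs share scheme, host and effective port; false if they
     *         differ or either one cannot be parsed
     */
    public boolean isSameOrigin(HttpServletRequest request, String url) {
        try {
            URL requestUrl = new URL(request.getRequestURL().toString());
            URL targetUrl = new URL(url);

            return requestUrl.getProtocol().equalsIgnoreCase(targetUrl.getProtocol())
                    && requestUrl.getHost().equalsIgnoreCase(targetUrl.getHost())
                    && effectivePort(requestUrl) == effectivePort(targetUrl);
        } catch (MalformedURLException e) {
            // Unparseable input is never same-origin.
            return false;
        }
    }

    /** Returns the explicit port, or the scheme's default when none was written. */
    private static int effectivePort(URL url) {
        int port = url.getPort();
        return port != -1 ? port : url.getDefaultPort();
    }

    /** Replaces CR/LF so one value always occupies one output line; null stays null. */
    private static String singleLine(String value) {
        return value == null ? null : value.replace('\r', '_').replace('\n', '_');
    }
}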

Install with Tessl CLI

npx tessl i tessl/maven-org-apache-shiro--shiro-web
