In Spring MVC 2.5 with Jetty - probably with any servlet container -, I want to redirect to an external site using RedirectView via the magic "redirect:" prefix for the view name in ModelAndView.
Unfortunately, RedirectView uses response.encodeRedirectURL(), so my (otherwiese wanted) session id is appended to the URL. It is not only a security risk to carry the session id to the external site, the ";jsessionid=gagnbaba" string may also be interpreted as part of the ContextPath/PathInfo on the other site, resulting in a bad URL.
Any "springish" options other than implement my own ExternalRedirectView... and also hack the ViewResolver to interpret a "externalRedirect:" prefix? (Requiring cookies is not an option.)
Moritz
Now here is ExternalRedirectView as planned in my comment above... did it that way.
import java.io.IOException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.web.servlet.view.RedirectView;
/** variant of RedirectView, will not add a session id to the url
*/
public class ExternalRedirectView extends RedirectView {
public ExternalRedirectView(String url, boolean contextRelative) {
super(url, contextRelative);
}
/** copied from @link{RedirectView#sendRedirect} and removed calls to
* reponse.encodeRedirectURL()
*/
@Override
protected void sendRedirect( HttpServletRequest request,
HttpServletResponse response, String targetUrl,
boolean http10Compatible ) throws IOException {
if (http10Compatible) {
// Always send status code 302.
response.sendRedirect(targetUrl);
}
else {
// Correct HTTP status code is 303, in particular for POST requests.
response.setStatus(303);
response.setHeader("Location", targetUrl);
}
}
}
I also already had my own ViewResolver in which I added the functionality for the new externalRedirect: magic vier name prefix, which now reads:
class MyViewResolver extends AbstractCachingViewResolver implements BeanFactoryAware {
[...]
private static final String EXTERNAL_REDIRECT_URL_PREFIX = "externalRedirect:";
[...]
@Override
protected View loadView( String viewName, Locale locale ) throws Exception {
View view;
if (viewName.startsWith(UrlBasedViewResolver.REDIRECT_URL_PREFIX))
{
view = new RedirectView(viewName.substring(UrlBasedViewResolver.REDIRECT_URL_PREFIX.length()), true);
}
else if (viewName.startsWith(EXTERNAL_REDIRECT_URL_PREFIX))
{
view = new ExternalRedirectView(viewName.substring(EXTERNAL_REDIRECT_URL_PREFIX.length()), true);
}
else
[...] Thanks to everyone who read this and thought about it.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With