SEC-1407: Removed original URL matching classes and updated Javadoc of new RequestMatcher versions.

web/src/main/java/org/springframework/security/web/authentication/AbstractAuthenticationTargetUrlRequestHandler.java

@@ -39,6 +39,7 @@ import org.springframework.util.StringUtils;
  * <li>
  * As a fallback option, the <tt>defaultTargetUrl</tt> value will be used.
  * </li>
+ * </ul>
  *
  * @author Luke Taylor
  * @since 3.0
@@ -56,13 +57,26 @@ public abstract class AbstractAuthenticationTargetUrlRequestHandler {
     protected AbstractAuthenticationTargetUrlRequestHandler() {
     }
 
+    /**
+     * Invokes the configured {@code RedirectStrategy} with the URL returned by the {@code determineTargetUrl} method.
+     * <p>
+     * The redirect will not be performed if the response has already been committed.
+     */
     protected void handle(HttpServletRequest request, HttpServletResponse response, Authentication authentication)
             throws IOException, ServletException {
         String targetUrl = determineTargetUrl(request, response);
 
+        if (response.isCommitted()) {
+            logger.debug("Response has already been committed. Unable to redirect to " + targetUrl);
+            return;
+        }
+
         redirectStrategy.sendRedirect(request, response, targetUrl);
     }
 
+    /**
+     * Builds the target URL according to the logic defined in the main class Javadoc.
+     */
     protected String determineTargetUrl(HttpServletRequest request, HttpServletResponse response) {
         if (isAlwaysUseDefaultTargetUrl()) {
             return defaultTargetUrl;
@@ -102,7 +116,7 @@ public abstract class AbstractAuthenticationTargetUrlRequestHandler {
      *
      * @return the defaultTargetUrl property
      */
-    protected String getDefaultTargetUrl() {
+    protected final String getDefaultTargetUrl() {
         return defaultTargetUrl;
     }
 
@@ -137,7 +151,7 @@ public abstract class AbstractAuthenticationTargetUrlRequestHandler {
      * The current request will be checked for this parameter before and the value used as the target URL if present.
      *
      *  @param targetUrlParameter the name of the parameter containing the encoded target URL. Defaults
-     *  to "redirect".
+     *  to "spring-security-redirect".
      */
     public void setTargetUrlParameter(String targetUrlParameter) {
         Assert.hasText("targetUrlParameter canot be null or empty");

web/src/main/java/org/springframework/security/web/util/AntPathRequestMatcher.java

@@ -11,7 +11,8 @@ import org.springframework.util.StringUtils;
 
 /**
  * Matcher which compares a pre-defined ant-style pattern against the URL of an
- * {@code HttpServletRequest}. Ignores the query string of the URL.
+ * {@code HttpServletRequest}. Ignores the query string of the URL and always performs
+ * case-insensitive matching.
  *
  * @author Luke Taylor
  * @since 3.1

web/src/main/java/org/springframework/security/web/util/AntUrlPathMatcher.java

@@ -1,50 +0,0 @@
-package org.springframework.security.web.util;
-
-import org.springframework.util.PathMatcher;
-import org.springframework.util.AntPathMatcher;
-
-/**
- * Ant path strategy for URL matching.
- *
- * @author Luke Taylor
- */
-public class AntUrlPathMatcher implements UrlMatcher {
-    private boolean requiresLowerCaseUrl = true;
-    private PathMatcher pathMatcher = new AntPathMatcher();
-
-    public AntUrlPathMatcher() {
-        this(true);
-    }
-
-    public AntUrlPathMatcher(boolean requiresLowerCaseUrl) {
-        this.requiresLowerCaseUrl = requiresLowerCaseUrl;
-    }
-
-    public Object compile(String path) {
-        if (requiresLowerCaseUrl) {
-            return path.toLowerCase();
-        }
-
-        return path;
-    }
-
-    public void setRequiresLowerCaseUrl(boolean requiresLowerCaseUrl) {
-        this.requiresLowerCaseUrl = requiresLowerCaseUrl;
-    }
-
-    public boolean pathMatchesUrl(Object path, String url) {
-        return pathMatcher.match((String)path, url);
-    }
-
-    public String getUniversalMatchPattern() {
-        return "/**";
-    }
-
-    public boolean requiresLowerCaseUrl() {
-        return requiresLowerCaseUrl;
-    }
-
-    public String toString() {
-        return getClass().getName() + "[requiresLowerCase='" + requiresLowerCaseUrl + "']";
-    }
-}

web/src/main/java/org/springframework/security/web/util/RegexRequestMatcher.java

@@ -10,6 +10,13 @@ import org.springframework.http.HttpMethod;
 import org.springframework.util.StringUtils;
 
 /**
+ * Uses a regular expression to decide whether a supplied the URL of a supplied {@code HttpServletRequest}.
+ *
+ * Can also be configured to match a specific HTTP method.
+ *
+ * The match is performed against the {@code servletPath + pathInfo + queryString} of the request and is case-sensitive
+ * by default. Case-insensitive matching can be used by using the constructor which takes the {@code caseInsentitive}
+ * argument.
  *
  * @author Luke Taylor
  * @since 3.1
@@ -20,10 +27,23 @@ public final class RegexRequestMatcher implements RequestMatcher {
     private final Pattern pattern;
     private final HttpMethod httpMethod;
 
+    /**
+     * Creates a case-sensitive {@code Pattern} instance to match against the request.
+     *
+     * @param pattern the regular expression to compile into a pattern.
+     * @param httpMethod the HTTP method to match. May be null to match all methods.
+     */
     public RegexRequestMatcher(String pattern, String httpMethod) {
         this(pattern, httpMethod, false);
     }
 
+    /**
+     * As above, but allows setting of whether case-insensitive matching should be used.
+     *
+     * @param pattern the regular expression to compile into a pattern.
+     * @param httpMethod the HTTP method to match. May be null to match all methods.
+     * @param caseInsensitive if true, the pattern will be compiled with the {@link Pattern.CASE_INSENSITIVE} flag set.
+     */
     public RegexRequestMatcher(String pattern, String httpMethod, boolean caseInsensitive) {
         if (caseInsensitive) {
             this.pattern = Pattern.compile(pattern, Pattern.CASE_INSENSITIVE);
@@ -33,6 +53,13 @@ public final class RegexRequestMatcher implements RequestMatcher {
         this.httpMethod = StringUtils.hasText(httpMethod) ? HttpMethod.valueOf(httpMethod) : null;
     }
 
+    /**
+     * Performs the match of the request URL ({@code servletPath + pathInfo + queryString}) against
+     * the compiled pattern.
+     *
+     * @param requst the request to match
+     * @return true if the pattern matches the URL, false otherwise.
+     */
     public boolean matches(HttpServletRequest request) {
         if (httpMethod != null && httpMethod != HttpMethod.valueOf(request.getMethod())) {
             return false;

web/src/main/java/org/springframework/security/web/util/RegexUrlPathMatcher.java

@@ -1,32 +0,0 @@
-package org.springframework.security.web.util;
-
-import java.util.regex.Pattern;
-
-/**
- * @author Luke Taylor
- */
-public class RegexUrlPathMatcher implements UrlMatcher {
-    private boolean requiresLowerCaseUrl = false;
-
-    public Object compile(String path) {
-        return Pattern.compile(path);
-    }
-
-    public void setRequiresLowerCaseUrl(boolean requiresLowerCaseUrl) {
-        this.requiresLowerCaseUrl = requiresLowerCaseUrl;
-    }
-
-    public boolean pathMatchesUrl(Object compiledPath, String url) {
-        Pattern pattern = (Pattern)compiledPath;
-
-        return pattern.matcher(url).matches();
-    }
-
-    public String getUniversalMatchPattern() {
-        return "/.*";
-    }
-
-    public boolean requiresLowerCaseUrl() {
-        return requiresLowerCaseUrl;
-    }
-}

web/src/main/java/org/springframework/security/web/util/UrlMatcher.java

@@ -1,23 +0,0 @@
-package org.springframework.security.web.util;
-
-/**
- * Strategy for deciding whether configured path matches a submitted candidate URL.
- *
- * @author Luke Taylor
- * @since 2.0
- */
-public interface UrlMatcher {
-
-    Object compile(String urlPattern);
-
-    boolean pathMatchesUrl(Object compiledUrlPattern, String url);
-
-    /** Returns the path which matches every URL */
-    String getUniversalMatchPattern();
-
-    /**
-     * Returns true if the matcher expects the URL to be converted to lower case before
-     * calling {@link #pathMatchesUrl(Object, String)}.
-     */
-    boolean requiresLowerCaseUrl();
-}