: Class ServletURLEncoder

Overview

Package

Class

Tree

Deprecated

Index

Help

UIX 2.2.16

PREV CLASS NEXT CLASS

FRAMES NO FRAMES

SUMMARY: INNER | FIELD | CONSTR | METHOD

DETAIL: FIELD | CONSTR | METHOD

oracle.cabo.share.url
Class ServletURLEncoder

java.lang.Object
  |
  +--oracle.cabo.share.url.ServletURLEncoder

All Implemented Interfaces:: URLEncoder

Direct Known Subclasses:: BasePageEncoder

public class ServletURLEncoder
extends java.lang.Object
implements URLEncoder

This URLEncoder encodes URLs with the servlet session ID if the client browser does not support cookies. No parameter encoding is done.

By default, session ID encoding is turned off. It must be explicitly turned on with setURLEncodingEnabled(). We've chosen this behavior as the safe, secure alternative. If a hacker gains access to webserver logs, he might be able to hijack a user session if the session IDs are in the URLs.

Constructor Summary

ServletURLEncoder(javax.servlet.http.HttpServletResponse response, java.lang.String defaultURL)


Method Summary

java.lang.String encodeParameter(java.lang.String key)
          The method in this class simply returns the input parameter key

java.lang.String encodeURL(java.lang.String url)
          This implementation calls encodeURL on the HttpServletResponse.

java.lang.String getDefaultURL()


boolean isURLEncodingEnabled()
          Returns whether URL encoding is enabled.

void setURLEncodingEnabled(boolean encodeURLs)
          Enables or disables session-encoding of URLs.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

ServletURLEncoder

public ServletURLEncoder(javax.servlet.http.HttpServletResponse response,
                         java.lang.String defaultURL)

Parameters:: response - the ServletResponse that will be used to encode an URL.; defaultURL - the default URL.
Throws:: NullPointerException - if response is null
See Also:: getDefaultURL()

Method Detail

isURLEncodingEnabled

public boolean isURLEncodingEnabled()

Returns whether URL encoding is enabled.

setURLEncodingEnabled

public void setURLEncodingEnabled(boolean encodeURLs)

Enables or disables session-encoding of URLs. Note that turning this feature on can introduce security holes - a hacker that gains access to webserver logs may be able to hijack user sessions by extracting the ID.

encodeURL

public java.lang.String encodeURL(java.lang.String url)

This implementation calls encodeURL on the HttpServletResponse. The first time this method is called it encodes the default URL and sees if the encoding changed the URL, to make sure that URL encoding is necessary. If it is determined that URL encoding is not necessary then all subsequent calls simply return the input parameter.

Specified by:: encodeURL in interface URLEncoder

Parameters:: url - the URL to encode. maybe null
Returns:: the encoded URL, or null if url was null.
See Also:: URLEncoder.encodeURL(String), HttpServletResponse.encodeURL(String)

encodeParameter

public java.lang.String encodeParameter(java.lang.String key)

The method in this class simply returns the input parameter key

Specified by:: encodeParameter in interface URLEncoder

See Also:: URLEncoder.encodeParameter(String)

getDefaultURL

public java.lang.String getDefaultURL()

Specified by:: getDefaultURL in interface URLEncoder

Returns:: the defaultURL that this encoder was constructed with.
See Also:: URLEncoder.getDefaultURL()