AuthURLValidator.java example

Explorer

spiffyui-master
- spiffyui
  - build
    - maven
      - example-client
        src
        main
        java
        org
        spiffyui
        maven
        examples
        client
        Index.java
      - example-war
        src
        main
        java
        org
        spiffyui
        hellospiffymaven
        client
        Index.java
        server
        SimpleServlet.java
      - maven-spiffyui-plugin
        src
        main
        java
        org
        spiffyui
        maven
        plugins
        BuildInfoMojo.java
        ClientBuildMojo.java
        ClosureMojo.java
        CssCompressMojo.java
        GZipMojo.java
        GwtCompileMojo.java
        HTMLPropsMojo.java
        InitializeMojo.java
        JSLintMojo.java
        JavaCompileMojo.java
        PackageMojo.java
        ResourcesMojo.java
        RevisionInfoMojo.java
        StubsPropsMojo.java
        utils
        SpiffyGwtModuleReader.java
    - src
      - org
        spiffyui
        build
        ClosureTask.java
        EpochTStampTask.java
        GzipListTask.java
        GzipListUtil.java
        HTMLPropertiesTask.java
        HTMLPropertiesUtil.java
        RevisionInfoBean.java
        RevisionInfoTask.java
        RevisionInfoUtil.java
  - src
    - main
      - java
        org
        spiffyui
        client
        HistoryCallback.java
        HistoryTokenListener.java
        Index.java
        JSDateUtil.java
        JSEffectCallback.java
        JSONUtil.java
        JSUtil.java
        MainFooter.java
        MainHeader.java
        MessageUtil.java
        NumberFormatter.java
        i18n
        SpiffyUIStrings.java
        login
        LoginPanel.java
        LoginStringHelper.java
        LoginStrings.java
        nav
        HasNavBarListenersPanel.java
        MainNavBar.java
        NavBarListener.java
        NavHeader.java
        NavItem.java
        NavPanel.java
        NavSection.java
        NavSeparator.java
        NavWidget.java
        rest
        AuthUtil.java
        ConcurrentRESTCallback.java
        RESTAuthProvider.java
        RESTCallback.java
        RESTException.java
        RESTLoginCallBack.java
        RESTObjectCallBack.java
        RESTOptions.java
        RESTility.java
        util
        RESTAuthConstants.java
        v2
        RESTAuthProvider.java
        RESTOAuthProvider.java
        widgets
        DatePickerTextBox.java
        ExpandingTextArea.java
        FormFeedback.java
        LongMessage.java
        ProgressBar.java
        SlideDownPrefsPanel.java
        SlidingGridPanel.java
        SmallLoadingIndicator.java
        StatusIndicator.java
        TimePickerTextBox.java
        Tooltip.java
        button
        FancyButton.java
        FancySaveButton.java
        RefreshAnchor.java
        SimpleButton.java
        dialog
        ConfirmDialog.java
        Dialog.java
        listener
        SlideDownPrefsPanelToggleListener.java
        multivaluesuggest
        MultivalueSuggestBox.java
        MultivalueSuggestBoxBase.java
        MultivalueSuggestHelper.java
        MultivalueSuggestRESTHelper.java
        slider
        RangeSlider.java
        Slider.java
        SliderEvent.java
        SliderListener.java
        SliderOption.java
        server
        AuthServlet.java
        AuthURLValidator.java
        JSLocaleServlet.java
        JSLocaleUtil.java
        filter
        FilterServletOutputStream.java
        GWTLocaleBundleFilter.java
        GWTLocaleFilter.java
        GenericResponseWrapper.java
        i18n
        BasicBestLocaleMatcher.java
- spiffyui-app
  - src
    - main
      - java
        org
        spiffyui
        spsample
        client
        AuthPanel.java
        AuthTestPanel.java
        BuildPanel.java
        CSSPanel.java
        DatePanel.java
        FormPanel.java
        GetInvolvedPanel.java
        GetStartedPanel.java
        HelpPanel.java
        HostedModePanel.java
        Index.java
        LandingPanel.java
        LicensePanel.java
        OverviewPanel.java
        ProjectCreatorPanel.java
        RESTPanel.java
        SPSampleHeader.java
        SamplesPanel.java
        UnitTestPanel.java
        WidgetsPanel.java
        i18n
        SpiffyRsrc.java
        rest
        SampleAuthBean.java
        SampleAuthUtil.java
        SampleOAuthBean.java
        VersionInfo.java
        widgets
        FancyAutocompleter.java
        server
        CrayonColorsServlet.java
        ProjectCreatorServlet.java
        SampleAuthServer.java
        SampleDataServlet.java
        SampleInitListener.java
        SampleLocaleFilter.java
        SampleOAuthDataServlet.java
        SampleOAuthServer.java
        SiteMapServlet.java
        VersionInfoServlet.java
- spiffyui-template-ant
  - MY_PROJECT
    - src
      - main
        java
        MY_PACKAGE
        client
        Index.java
        resources
        HTMLResources.java
        server
        SimpleServlet.java
- spiffyui-template-maven
  - MY_PROJECT
    - src
      - main
        java
        MY_PACKAGE
        client
        Index.java
        resources
        HTMLResources.java
        server
        LocaleFilter.java
        SimpleServlet.java

/*******************************************************************************
 *
 * Copyright 2011-2014 Spiffy UI Team   
 * 
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 *
 ******************************************************************************/
package org.spiffyui.server;

import java.net.MalformedURLException;

import javax.servlet.http.HttpServletRequest;


/**
 * <p>
 * This optional interface makes it possible to provide an authentication server
 * <a href="http://en.wikipedia.org/wiki/Whitelist">whitelist</a>.
 * </p>
 * 
 * <p>
 * The server trusts the client to pass the URL for the authentication server.
 * If the client is compromised (like with an XSS attack) then it could pass the 
 * URL to an untrusted authentication server and get the authentication proxy servlet
 * to forward the user's credentials there.
 * </p>
 * 
 * <p>
 * This is especially dangerous since this serverlet is not governed by the 
 * <a href="http://en.wikipedia.org/wiki/Same_origin_policy">same origin policy</a>
 * like JavaScript running in the browser.  This interface allows you to provide
 * a custom whitelist of trusted authentication servers
 * </p>
 * 
 * <p>
 * If you do not provide this interface the default behavior is to only allow requests
 * to an authentication server hosted on the same web server as the Spiffy UI framework.
 * </p>
 */
public interface AuthURLValidator
{
    /**
     * Validate the specified authentication server WAR against a custom whitelist.
     * 
     * @param request the HTTP request
     * @param uri     the URI to verify
     * 
     * @return true if this request should be allowed and false otherwise
     * @exception MalformedURLException
     *                   if the specified URI is not a valid URI
     */
    boolean validateURI(HttpServletRequest request, String uri)
        throws MalformedURLException;
}