
Example 1 with URLPatternMatcher

use of com.sun.identity.shared.whitelist.URLPatternMatcher in project OpenAM by OpenRock.

the class RedirectUrlValidator method isRedirectUrlValid.

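/**
 * Validates the provided redirect ("goto") URL against the collection of valid goto URL domains found based on
 * the configuration info.
 *
 * <p>Decision order, as implemented below:
 * <ol>
 *   <li>{@code null}, empty, or longer than {@code MAX_URL_LENGTH}: rejected.</li>
 *   <li>Not parseable by {@link URI}: rejected.</li>
 *   <li>Relative (no scheme and not starting with {@code //}): accepted without consulting the patterns.</li>
 *   <li>Scheme present but not exactly {@code http} or {@code https}: rejected. The comparison is
 *       case-sensitive, so a scheme written as {@code HTTP} is rejected as well.</li>
 *   <li>No patterns configured ({@code null} or empty collection): accepted.</li>
 *   <li>Otherwise the result of {@code URLPatternMatcher.match} decides.</li>
 * </ol>
 *
 * <p>Security note: because an empty pattern collection accepts every http/https and scheme-relative target,
 * this method only restricts redirects when at least one valid goto pattern is configured.
 *
 * @param url The URL that needs to be validated. May be null.
 * @param configInfo The necessary information about the configuration to determine the collection of valid goto
 * URL domains. May not be null.
 * @return <code>true</code> if the provided URL is valid, <code>false</code> otherwise.
 */
public boolean isRedirectUrlValid(final String url, final T configInfo) {
    if (url == null || url.isEmpty()) {
        return false;
    }
    // Bound the untrusted value first: an over-long URL is rejected before it is written to the debug log
    // and before the pattern lookup is performed. The return value for such input is unchanged (false).
    if (url.length() > MAX_URL_LENGTH) {
        if (DEBUG.messageEnabled()) {
            DEBUG.message("Rejecting goto URL: length " + url.length() + " exceeds the maximum allowed");
        }
        return false;
    }
    final Collection<String> patterns = domainExtractor.extractValidDomains(configInfo);
    if (DEBUG.messageEnabled()) {
        // NOTE(review): url is caller-supplied and is logged verbatim before it has been parsed; confirm the
        // debug sink neutralises line breaks so a crafted value cannot forge log entries.
        DEBUG.message("Validating goto URL " + url + " against patterns:\n" + patterns);
    }
    try {
        final URI uri = new URI(url);
        // Both absolute and scheme-relative ("//host/...") URLs must be validated against the patterns.
        // Anything else is a relative reference and is accepted here without a pattern check.
        if (!uri.isAbsolute() && !url.startsWith("//")) {
            return true;
        }
        // Only http and https targets are allowed; a scheme-relative URL has no scheme and passes through
        // to the pattern check below.
        if (uri.getScheme() != null && !uri.getScheme().equals("http") && !uri.getScheme().equals("https")) {
            return false;
        }
    } catch (final URISyntaxException urise) {
        // Fail closed: a value that cannot be parsed as a URI is never treated as a valid redirect target.
        if (DEBUG.messageEnabled()) {
            DEBUG.message("The goto URL " + url + " is not a valid URI", urise);
        }
        return false;
    }
    if (patterns == null || patterns.isEmpty()) {
        // No whitelist configured: every URL that reached this point is accepted.
        if (DEBUG.messageEnabled()) {
            DEBUG.message("There are no patterns to validate the URL against, the goto URL is considered valid");
        }
        return true;
    }
    final URLPatternMatcher patternMatcher = new URLPatternMatcher();
    try {
        // NOTE(review): the meaning of the third argument is defined by URLPatternMatcher, not shown here.
        return patternMatcher.match(url, patterns, true);
    } catch (MalformedURLException murle) {
        // Fail closed when the matcher cannot process the URL.
        DEBUG.error("An error occurred while validating goto URL: " + url, murle);
        return false;
    }
}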
Also used : URLPatternMatcher(com.sun.identity.shared.whitelist.URLPatternMatcher) MalformedURLException(java.net.MalformedURLException) URISyntaxException(java.net.URISyntaxException) URI(java.net.URI)

Aggregations

URLPatternMatcher (com.sun.identity.shared.whitelist.URLPatternMatcher)1 MalformedURLException (java.net.MalformedURLException)1 URI (java.net.URI)1 URISyntaxException (java.net.URISyntaxException)1