Package org.opennms.web.controller

Class RedirectRestricter

java.lang.Object

org.opennms.web.controller.RedirectRestricter

public class RedirectRestricter
extends java.lang.Object

Open redirects are a security issue: https://www.netsparker.com/blog/web-security/open-redirection-vulnerability-information-prevention/ Therefor we need to make sure that we react only on allowed redirects. This class helps validate redirect requests against a whitelist.

Nested Class Summary

Nested Classes

Modifier and Type	Class	Description
static class	RedirectRestricter.RedirectRestricterBuilder

Method Summary

Modifier and Type	Method	Description
static RedirectRestricter.RedirectRestricterBuilder	builder()
java.lang.String	getRedirectOrNull(java.lang.String redirect)	Returns the given redirect if allowed, otherwise null.
boolean	isRedirectAllowed(java.lang.String redirect)

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Method Detail

isRedirectAllowed

public boolean isRedirectAllowed(java.lang.String redirect)

getRedirectOrNull

public java.lang.String getRedirectOrNull(java.lang.String redirect)

Returns the given redirect if allowed, otherwise null.

builder

public static RedirectRestricter.RedirectRestricterBuilder builder()