Oracle UIX API Reference
Release 2.1.22.0.0
B12196-01

oracle.cabo.share.url
Class ServletURLEncoder

java.lang.Object
  |
  +--oracle.cabo.share.url.ServletURLEncoder
All Implemented Interfaces:
URLEncoder
Direct Known Subclasses:
BasePageEncoder

public class ServletURLEncoder
extends java.lang.Object
implements URLEncoder

This URLEncoder encodes URLs with the servlet session ID if the client browser does not support cookies. No parameter encoding is done.

By default, session ID encoding is turned off. It must be explicitly turned on with setURLEncodingEnabled(). We've chosen this behavior as the safe, secure alternative. If a hacker gains access to webserver logs, he might be able to hijack a user session if the session IDs are in the URLs.


Constructor Summary
ServletURLEncoder(javax.servlet.http.HttpServletResponse response, java.lang.String defaultURL)
           
 
Method Summary
 java.lang.String encodeParameter(java.lang.String key)
          The method in this class simply returns the input parameter key
 java.lang.String encodeURL(java.lang.String url)
          This implementation calls encodeURL on the HttpServletResponse.
 java.lang.String getDefaultURL()
           
 boolean isURLEncodingEnabled()
          Returns whether URL encoding is enabled.
 void setURLEncodingEnabled(boolean encodeURLs)
          Enables or disables session-encoding of URLs.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

ServletURLEncoder

public ServletURLEncoder(javax.servlet.http.HttpServletResponse response,
                         java.lang.String defaultURL)
Parameters:
response - the ServletResponse that will be used to encode an URL.
defaultURL - the default URL.
Throws:
NullPointerException - if response is null
See Also:
getDefaultURL()
Method Detail

isURLEncodingEnabled

public boolean isURLEncodingEnabled()
Returns whether URL encoding is enabled.

setURLEncodingEnabled

public void setURLEncodingEnabled(boolean encodeURLs)
Enables or disables session-encoding of URLs. Note that turning this feature on can introduce security holes - a hacker that gains access to webserver logs may be able to hijack user sessions by extracting the ID.

encodeURL

public java.lang.String encodeURL(java.lang.String url)
This implementation calls encodeURL on the HttpServletResponse. The first time this method is called it encodes the default URL and sees if the encoding changed the URL, to make sure that URL encoding is necessary. If it is determined that URL encoding is not necessary then all subsequent calls simply return the input parameter.
Specified by:
encodeURL in interface URLEncoder
Parameters:
url - the URL to encode. maybe null
Returns:
the encoded URL, or null if url was null.
See Also:
URLEncoder.encodeURL(String), HttpServletResponse.encodeURL(String)

encodeParameter

public java.lang.String encodeParameter(java.lang.String key)
The method in this class simply returns the input parameter key
Specified by:
encodeParameter in interface URLEncoder
See Also:
URLEncoder.encodeParameter(String)

getDefaultURL

public java.lang.String getDefaultURL()
Specified by:
getDefaultURL in interface URLEncoder
Returns:
the defaultURL that this encoder was constructed with.
See Also:
URLEncoder.getDefaultURL()

Oracle UIX API Reference
Release 2.1.22.0.0
B12196-01

Copyright © 2002,2003, Oracle. All Rights Reserved.