in support/jakarta-ee/src/main/java/org/apache/shiro/ee/filters/FormResubmitSupport.java [465:498]
private static String processResubmitResponse(HttpResponse<String> response,
HttpServletRequest originalRequest, HttpServletResponse originalResponse,
HttpHeaders headers, String savedRequest, ServletContext servletContext,
boolean isPartialAjaxRequest, boolean rememberedAjaxResubmit) throws IOException {
switch (response.statusCode()) {
case FOUND:
if (rememberedAjaxResubmit) {
originalResponse.setStatus(OK);
} else {
// can't use Faces.redirect() here
originalResponse.setStatus(response.statusCode());
originalResponse.setHeader(LOCATION, response.headers().firstValue(LOCATION).orElseThrow());
}
case OK:
// do not duplicate the session cookie(s)
transformCookieHeader(headers.allValues(SET_COOKIE))
.entrySet().stream().filter(not(entry -> entry.getKey()
.startsWith(getSessionCookieName(servletContext, getSecurityManager()))))
.forEach(entry -> addCookie(originalResponse, servletContext,
entry.getKey(), entry.getValue(), -1));
if (isPartialAjaxRequest) {
originalResponse.setHeader(CONTENT_TYPE, TEXT_XML);
originalResponse.setCharacterEncoding(StandardCharsets.UTF_8.name());
originalResponse.getWriter().append(String.format(
"<partial-response><redirect url=\"%s\"></redirect></partial-response>",
savedRequest));
} else {
originalResponse.getWriter().append(response.body());
}
return resubmitResponseCleanup(originalRequest);
default:
return savedRequest;
}
}