Managing redirects in Unblu

Unblu has three different ways of handling redirects:

The Unblu redirect mechanism for relative URLs.
Filtered redirects.
Redirects determined solely by configuration properties and URL query parameters.

Which method is applied to a redirect depends on the particular type of redirect. This article describes when Unblu applies which method.

Unblu redirect mechanism for relative URLs

Unblu provides a general mechanism for server-side redirects to relative URLs. This makes it easier to configure different environments—for example testing, staging, and production environments—because you only have to make changes to a small set of configuration properties rather than adapt numerous redirect target URLs.

To use Unblu’s redirect handling mechanism, set com.unblu.server.core.redirect.useUnbluRedirectHandling to true. You can then use the following configuration properties to define the redirect target:

com.unblu.server.core.redirect.scheme specifies the scheme used for the redirect, for example HTTP or HTTPS.
com.unblu.server.core.redirect.serverName specifies the name of the server the client is redirected to.
com.unblu.server.core.redirect.port specifies the port of the server the client is redirected to.

The Unblu redirect mechanism also applies to any relative URLs you define in the following configuration properties:

For further information on these properties, please refer to their respective entries in the configuration properties reference.

Filtered redirects

Unblu checks the target of certain redirects against a blacklist and whitelist. The blacklist and whitelist consist of regular expressions that the target is compared with. They are defined in the following configuration properties:

The values of the properties are always treated as regular expressions. For example, https://www.unblu.com also matches https://wwwXunbluYcom.

Redirect targets passed in are always evaluated against both lists. The configuration property com.unblu.redirectFilter.order defines the order in which to check the blacklist and whitelist. By default, Unblu evaluates the whitelist first, then the blacklist.

Unblu checks redirect targets against the redirect blacklist and whitelist in the following cases:

If the user’s locale is set by the locale servlet and the URL includes a redirect query parameter with an absolute URL, for example /unblu/language?action="set"&lang="de"&redirect="https://yourcompany.com/unblu/".
If the redirect occurs after an authentication action, that is, after a login or logout.
If a call to the web API endpoint authenticator/authenticateWithToken includes the query parameter redirectOnSuccess with an absolute URL.

URLs are also checked against the blacklist and whitelist for the following redirects used in the Single Conversation Desk and the Visitor Desk, respectively:

The URL specified in the configuration property com.unblu.agent.singleconversation.desk.conversationClosedRedirectUrl and the query parameter conversationEndedRedirectURL that overrides it.
The URL specified in the configuration property com.unblu.visitor.desk.conversationClosedRedirectUrl and the query parameter conversationEndedRedirectURL that overrides it.

Example of redirect filter configuration

To see how the redirect filters work, suppose you’ve configured the redirect filter with the following values:

com.unblu.redirectFilter.order=BLACK_WHITE
com.unblu.redirectFilter.black=[".*"]
com.unblu.redirectFilter.white=["https\://*\\.bank\\.com"]

The first configuration property states that the blacklist is evaluated before the whitelist. The default value is WHITE_BLACK, that is, Unblu evaluates the whitelist first, then the blacklist.
The blacklist matches all strings. This essentially blocks all redirect targets.
The whitelist is evaluated after the blacklist. It specifies that subdomains of bank.com using the HTTPS scheme are permissible redirect targets. It doesn’t matter that the same URLs are blocked by the blacklist because the whitelist is evaluated after the blacklist.

Redirect configuration properties

There are a number of configuration properties you can use to configure redirect targets. These configuration properties aren’t affected by either the Unblu redirect mechanism or the redirect filters:

config:com.unblu.agent.singleconversation.desk.conversationJoinFailedRedirectUrl and the query parameter redirectOnFailure that overrides it.
config:com.unblu.visitor.desk.conversationJoinFailedRedirectUrl and the query parameter redirectOnFailure that overrides it.
com.unblu.entry-servlet.externalLoginUrl.
com.unblu.core.client.core.LoginConfiguration.externalPostLogoutUrl.

Refer to the respective entries in the configuration properties reference for further information.