001: /*
002: * Copyright (c) 1998-2008 Caucho Technology -- all rights reserved
003: *
004: * This file is part of Resin(R) Open Source
005: *
006: * Each copy or derived work must preserve the copyright notice and this
007: * notice unmodified.
008: *
009: * Resin Open Source is free software; you can redistribute it and/or modify
010: * it under the terms of the GNU General Public License as published by
011: * the Free Software Foundation; either version 2 of the License, or
012: * (at your option) any later version.
013: *
014: * Resin Open Source is distributed in the hope that it will be useful,
015: * but WITHOUT ANY WARRANTY; without even the implied warranty of
016: * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE, or any warranty
017: * of NON-INFRINGEMENT. See the GNU General Public License for more
018: * details.
019: *
020: * You should have received a copy of the GNU General Public License
021: * along with Resin Open Source; if not, write to the
022: * Free SoftwareFoundation, Inc.
023: * 59 Temple Place, Suite 330
024: * Boston, MA 02111-1307 USA
025: *
026: * @author Scott Ferguson
027: */
028:
029: package com.caucho.server.security;
030:
031: import com.caucho.server.host.Host;
032: import com.caucho.server.webapp.Application;
033:
034: import javax.servlet.ServletContext;
035: import javax.servlet.ServletException;
036: import javax.servlet.http.HttpServletRequest;
037: import javax.servlet.http.HttpServletResponse;
038: import java.io.IOException;
039:
/**
 * Security constraint that only admits a request when no transport
 * guarantee is configured or the request is reported as secure.
 *
 * <p>A non-secure request is either redirected to an {@code https} URL or
 * rejected with 403 Forbidden; see {@link #isAuthorized}.
 */
public class TransportConstraint extends AbstractConstraint {
  // Configured transport-guarantee value; null means "no constraint".
  // NOTE(review): only null is treated as "no constraint" below, so any
  // non-null value (including a literal "NONE") enforces HTTPS. Confirm
  // that callers never pass "NONE" through to this class.
  private String _transport;

  /**
   * Creates a constraint with no transport guarantee configured.
   */
  public TransportConstraint() {
  }

  /**
   * Creates a constraint with the given transport guarantee.
   *
   * @param transport the guarantee value; {@code null} leaves the
   *        constraint inactive
   */
  public TransportConstraint(String transport) {
    this._transport = transport;
  }

  /**
   * Sets the transport guarantee.
   *
   * @param transportGuarantee the guarantee value; {@code null} leaves the
   *        constraint inactive
   */
  public void setTransportGuarantee(String transportGuarantee) {
    this._transport = transportGuarantee;
  }

  /**
   * Reports whether caches must be private for this constraint.
   *
   * @return always {@code false}
   */
  public boolean isPrivateCache() {
    return false;
  }

  /**
   * Decides whether the request satisfies the transport constraint.
   *
   * <p>When the request is not secure, the response is committed here:
   * either a redirect to an {@code https} URL or a 403 error.
   *
   * <p>Note for deployers: the redirect only moves follow-up traffic to
   * HTTPS. Everything the client sent with this request, including the
   * query string copied into the redirect target, has already arrived
   * over a connection the container reports as non-secure.
   *
   * @param request the incoming request
   * @param response the response that receives the redirect or error
   * @param application the servlet context; cast to {@code Application},
   *        so any other implementation fails with a ClassCastException
   * @return {@code true} if the request may proceed, {@code false} if a
   *         redirect or error has been sent
   * @throws IOException if sending the redirect or error fails
   */
  public boolean isAuthorized(HttpServletRequest request,
                              HttpServletResponse response,
                              ServletContext application)
    throws ServletException, IOException {
    // No guarantee configured, or already on a secure channel: allow.
    if (_transport == null || request.isSecure()) {
      return true;
    }

    Application webApp = (Application) application;
    Host parentHost = (Host) webApp.getParent();
    String secureHostName = parentHost.getSecureHostName();

    if (secureHostName != null) {
      // Preferred path: the redirect host comes from server configuration,
      // not from anything the client supplied.
      // NOTE(review): the servlet API returns servlet path and path info
      // in decoded form; confirm sendRedirect re-encodes them as needed.
      StringBuilder target = new StringBuilder("https://");
      target.append(secureHostName);
      target.append(webApp.getContextPath());
      target.append(request.getServletPath());

      String pathInfo = request.getPathInfo();
      if (pathInfo != null) {
        target.append(pathInfo);
      }

      String query = request.getQueryString();
      if (query != null) {
        target.append('?').append(query);
      }

      response.sendRedirect(target.toString());
      return false;
    }

    // Fallback: no secure host configured, so the redirect target is
    // derived from the URL the container reconstructs for this request.
    // NOTE(review): that URL's host usually reflects the client's Host
    // header. Confirm the container validates it, or configure a secure
    // host name so the redirect target is fixed.
    String requestUrl = request.getRequestURL().toString();
    boolean plainHttpOnDefaultPort =
      requestUrl.startsWith("http:") && request.getServerPort() == 80;

    if (!plainHttpOnDefaultPort) {
      // Anything other than http on port 80 is refused outright,
      // presumably because no matching HTTPS port can be derived.
      response.sendError(HttpServletResponse.SC_FORBIDDEN, null);
      return false;
    }

    // Swap the scheme only; substring(5) drops the leading "http:".
    String httpsUrl = "https:" + requestUrl.substring(5);
    String redirectQuery = request.getQueryString();
    response.sendRedirect(redirectQuery != null
                          ? httpsUrl + "?" + redirectQuery
                          : httpsUrl);
    return false;
  }
}