001: /* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
002: *
003: * Licensed under the Apache License, Version 2.0 (the "License");
004: * you may not use this file except in compliance with the License.
005: * You may obtain a copy of the License at
006: *
007: * http://www.apache.org/licenses/LICENSE-2.0
008: *
009: * Unless required by applicable law or agreed to in writing, software
010: * distributed under the License is distributed on an "AS IS" BASIS,
011: * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
012: * See the License for the specific language governing permissions and
013: * limitations under the License.
014: */
015:
016: package org.acegisecurity.securechannel;
017:
018: import org.acegisecurity.ConfigAttribute;
019: import org.acegisecurity.ConfigAttributeDefinition;
020:
021: import org.acegisecurity.intercept.web.FilterInvocation;
022:
023: import org.springframework.beans.factory.InitializingBean;
024:
025: import org.springframework.util.Assert;
026:
027: import java.io.IOException;
028:
029: import java.util.Iterator;
030:
031: import javax.servlet.ServletException;
032:
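/**
 * <p>Ensures channel security is inactive by review of <code>HttpServletRequest.isSecure()</code> responses.</p>
 * <p>The class responds to one case-sensitive keyword, {@link #getInsecureKeyword}. If this keyword is detected,
 * <code>HttpServletRequest.isSecure()</code> is used to determine the channel security offered. If channel security
 * is present, the configured <code>ChannelEntryPoint</code> is called. By default the entry point is {@link
 * RetryWithHttpEntryPoint}.</p>
 * <p>The default <code>insecureKeyword</code> is <code>REQUIRES_INSECURE_CHANNEL</code>.</p>
 * <p>Deployment notes: the decision rests entirely on what the servlet container reports through
 * <code>isSecure()</code>. Where TLS is terminated in front of the container (load balancer, reverse proxy), the
 * container must be configured so that <code>isSecure()</code> reflects the client-facing connection; otherwise
 * this processor never observes a secure channel. Because matching requests are steered away from a secure channel,
 * the keyword should only be mapped to resources that carry nothing sensitive.</p>
 *
 * @author Ben Alex
 * @version $Id: InsecureChannelProcessor.java 1496 2006-05-23 13:38:33Z benalex $
 */
public class InsecureChannelProcessor implements InitializingBean,
        ChannelProcessor {
    //~ Instance fields ================================================================================================

    // Invoked when a request that must be insecure arrives over a secure channel.
    private ChannelEntryPoint entryPoint = new RetryWithHttpEntryPoint();

    // Case-sensitive configuration keyword this processor reacts to.
    private String insecureKeyword = "REQUIRES_INSECURE_CHANNEL";

    //~ Methods ========================================================================================================

    /**
     * Checks the bean's configuration once its properties have been set: the keyword must be non-empty and an
     * entry point must be present. The setters themselves perform no validation.
     *
     * @throws Exception declared by the <code>InitializingBean</code> contract; the assertions used here fail with
     *         an <code>IllegalArgumentException</code>
     */
    public void afterPropertiesSet() throws Exception {
        Assert.hasLength(insecureKeyword, "insecureKeyword required");
        Assert.notNull(entryPoint, "entryPoint required");
    }

    /**
     * Hands the request to the entry point when a supported attribute is configured for it and the request
     * arrived over a secure channel. Does nothing when no attribute matches or the request is already insecure.
     *
     * @param invocation the web invocation being evaluated
     * @param config the configuration attributes that apply to the invocation
     *
     * @throws IOException propagated from the calls made here (in practice the entry point)
     * @throws ServletException propagated from the calls made here (in practice the entry point)
     * @throws IllegalArgumentException if either argument is <code>null</code>
     */
    public void decide(FilterInvocation invocation,
        ConfigAttributeDefinition config) throws IOException,
        ServletException {
        if ((invocation == null) || (config == null)) {
            throw new IllegalArgumentException(
                "Nulls cannot be provided");
        }

        Iterator iter = config.getConfigAttributes();

        while (iter.hasNext()) {
            ConfigAttribute attribute = (ConfigAttribute) iter.next();

            if (supports(attribute)
                && invocation.getHttpRequest().isSecure()) {
                entryPoint.commence(invocation.getRequest(),
                    invocation.getResponse());

                // The entry point has taken over the response (presumably a redirect); stop here so a second
                // matching attribute cannot invoke it again on a response that has already been handled.
                return;
            }
        }
    }

    /**
     * @return the entry point called when a secure channel is detected for a matching request
     */
    public ChannelEntryPoint getEntryPoint() {
        return entryPoint;
    }

    /**
     * @return the case-sensitive keyword this processor responds to
     */
    public String getInsecureKeyword() {
        return insecureKeyword;
    }

    /**
     * Replaces the entry point. Not validated here; {@link #afterPropertiesSet()} rejects <code>null</code>.
     *
     * @param entryPoint the entry point to call when a secure channel is detected
     */
    public void setEntryPoint(ChannelEntryPoint entryPoint) {
        this.entryPoint = entryPoint;
    }

    /**
     * Replaces the keyword this processor responds to. Not validated here; {@link #afterPropertiesSet()} rejects
     * an empty value.
     *
     * @param secureKeyword the new <em>insecure</em>-channel keyword (despite the parameter's name, the value is
     *        stored as <code>insecureKeyword</code>)
     */
    public void setInsecureKeyword(String secureKeyword) {
        this.insecureKeyword = secureKeyword;
    }

    /**
     * Indicates whether the attribute carries exactly the configured insecure keyword (case-sensitive match).
     *
     * @param attribute the attribute to test; may be <code>null</code>
     *
     * @return <code>true</code> only if the attribute and its value are non-null and the value equals
     *         {@link #getInsecureKeyword()}
     */
    public boolean supports(ConfigAttribute attribute) {
        if (attribute == null) {
            return false;
        }

        String value = attribute.getAttribute();

        return (value != null) && value.equals(getInsecureKeyword());
    }
}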