001: /* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
002: *
003: * Licensed under the Apache License, Version 2.0 (the "License");
004: * you may not use this file except in compliance with the License.
005: * You may obtain a copy of the License at
006: *
007: * http://www.apache.org/licenses/LICENSE-2.0
008: *
009: * Unless required by applicable law or agreed to in writing, software
010: * distributed under the License is distributed on an "AS IS" BASIS,
011: * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
012: * See the License for the specific language governing permissions and
013: * limitations under the License.
014: */
015:
016: package org.acegisecurity.securechannel;
017:
018: import org.acegisecurity.ConfigAttribute;
019: import org.acegisecurity.ConfigAttributeDefinition;
020:
021: import org.acegisecurity.intercept.web.FilterInvocation;
022:
023: import org.springframework.beans.factory.InitializingBean;
024:
025: import org.springframework.util.Assert;
026:
027: import java.io.IOException;
028:
029: import java.util.Iterator;
030:
031: import javax.servlet.ServletException;
032:
033: /**
034: * <p>Ensures channel security is active by review of <code>HttpServletRequest.isSecure()</code> responses.</p>
035: * <P>The class responds to one case-sensitive keyword, {@link #getSecureKeyword}. If this keyword is detected,
036: * <code>HttpServletRequest.isSecure()</code> is used to determine the channel security offered. If channel security
037: * is not present, the configured <code>ChannelEntryPoint</code> is called. By default the entry point is {@link
038: * RetryWithHttpsEntryPoint}.</p>
039: * <P>The default <code>secureKeyword</code> is <code>REQUIRES_SECURE_CHANNEL</code>.</p>
040: *
041: * @author Ben Alex
042: * @version $Id: SecureChannelProcessor.java 1496 2006-05-23 13:38:33Z benalex $
043: */
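public class SecureChannelProcessor implements InitializingBean, ChannelProcessor {
    //~ Instance fields ================================================================================================

    /** Called when a request that requires a secure channel arrives over an insecure one. */
    private ChannelEntryPoint entryPoint = new RetryWithHttpsEntryPoint();

    /** Case-sensitive configuration attribute value that this processor reacts to. */
    private String secureKeyword = "REQUIRES_SECURE_CHANNEL";

    //~ Methods ========================================================================================================

    /**
     * Validates the configuration once all properties have been set.
     *
     * <p>The setters accept any value (including <code>null</code>), so this is the only place where a missing
     * keyword or entry point is rejected. Spring's <code>Assert</code> reports a violation with an
     * <code>IllegalArgumentException</code>.</p>
     *
     * @throws Exception declared by the <code>InitializingBean</code> contract
     */
    public void afterPropertiesSet() throws Exception {
        Assert.hasLength(secureKeyword, "secureKeyword required");
        Assert.notNull(entryPoint, "entryPoint required");
    }

    /**
     * Checks the channel of the current request against the configured attributes and hands the request to the
     * entry point when a secure channel is required but <code>HttpServletRequest.isSecure()</code> returns
     * <code>false</code>.
     *
     * <p>The entry point is invoked at most once per call. Previously the loop kept running after
     * <code>commence</code>, so a definition that listed the secure keyword more than once invoked the entry point
     * again on a response it had already handled; a redirecting entry point would typically fail on that second
     * call because the response is already committed.</p>
     *
     * <p>Deployment caveat: <code>isSecure()</code> describes the connection as the servlet container sees it.
     * When TLS is terminated on a proxy or load balancer in front of the container, the container has to be
     * configured to report the original scheme, and any forwarded-scheme header it honours must only be accepted
     * from that trusted proxy. Otherwise this check either never passes or can be satisfied by a client-supplied
     * header.</p>
     *
     * @param invocation the filter invocation carrying the request and response; must not be <code>null</code>
     * @param config the configuration attributes that apply to the request; must not be <code>null</code>
     *
     * @throws IOException if the entry point fails while writing the response
     * @throws ServletException if the entry point signals a servlet error
     */
    public void decide(FilterInvocation invocation, ConfigAttributeDefinition config)
        throws IOException, ServletException {
        Assert.isTrue((invocation != null) && (config != null), "Nulls cannot be provided");

        Iterator iter = config.getConfigAttributes();

        while (iter.hasNext()) {
            ConfigAttribute attribute = (ConfigAttribute) iter.next();

            if (supports(attribute) && !invocation.getHttpRequest().isSecure()) {
                // NOTE(review): nothing in this method aborts further request processing after commence();
                // presumably the calling filter checks whether the response was handled - confirm.
                entryPoint.commence(invocation.getRequest(), invocation.getResponse());

                // The response now belongs to the entry point; further matches must not touch it again.
                return;
            }
        }
    }

    /**
     * @return the entry point invoked when a secure channel is required but absent
     */
    public ChannelEntryPoint getEntryPoint() {
        return entryPoint;
    }

    /**
     * @return the keyword that marks a configuration attribute as requiring a secure channel
     */
    public String getSecureKeyword() {
        return secureKeyword;
    }

    /**
     * Replaces the entry point. The value is not checked here; see {@link #afterPropertiesSet()}.
     *
     * @param entryPoint the entry point to invoke for insecure requests
     */
    public void setEntryPoint(ChannelEntryPoint entryPoint) {
        this.entryPoint = entryPoint;
    }

    /**
     * Replaces the keyword. The value is not checked here; see {@link #afterPropertiesSet()}.
     *
     * @param secureKeyword the case-sensitive keyword to react to
     */
    public void setSecureKeyword(String secureKeyword) {
        this.secureKeyword = secureKeyword;
    }

    /**
     * Indicates whether the attribute carries exactly the configured secure keyword.
     *
     * @param attribute the attribute to inspect; may be <code>null</code>
     *
     * @return <code>true</code> only when the attribute and its value are non-null and the value equals
     *         {@link #getSecureKeyword()} (case-sensitive comparison)
     */
    public boolean supports(ConfigAttribute attribute) {
        if (attribute == null) {
            return false;
        }

        String value = attribute.getAttribute();

        return (value != null) && value.equals(getSecureKeyword());
    }
}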