TransportConstraint


1   /*
2    * Copyright (c) 1998-2006 Caucho Technology -- all rights reserved
3    *
4    * This file is part of Resin(R) Open Source
5    *
6    * Each copy or derived work must preserve the copyright notice and this
7    * notice unmodified.
8    *
9    * Resin Open Source is free software; you can redistribute it and/or modify
10   * it under the terms of the GNU General Public License as published by
11   * the Free Software Foundation; either version 2 of the License, or
12   * (at your option) any later version.
13   *
14   * Resin Open Source is distributed in the hope that it will be useful,
15   * but WITHOUT ANY WARRANTY; without even the implied warranty of
16   * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE, or any warranty
17   * of NON-INFRINGEMENT.  See the GNU General Public License for more
18   * details.
19   *
20   * You should have received a copy of the GNU General Public License
21   * along with Resin Open Source; if not, write to the
22   *   Free SoftwareFoundation, Inc.
23   *   59 Temple Place, Suite 330
24   *   Boston, MA 02111-1307  USA
25   *
26   * @author Scott Ferguson
27   */
28  
29  package com.caucho.server.security;
30  
31  import com.caucho.server.host.Host;
32  import com.caucho.server.webapp.Application;
33  
34  import javax.servlet.ServletContext  ;
35  import javax.servlet.ServletException  ;
36  import javax.servlet.http.HttpServletRequest  ;
37  import javax.servlet.http.HttpServletResponse  ;
38  import java.io.IOException  ;
39  
40  public class TransportConstraint extends AbstractConstraint {
41    private String   _transport;
42  
43    public TransportConstraint()
44    {
45    }
46  
47    public TransportConstraint(String   transport)
48    {
49      _transport = transport;
50    }
51    
52    public void setTransportGuarantee(String   transportGuarantee)
53    {
54      _transport = transportGuarantee;
55    }
56    
57    /**
58     * Returns true if any cache needs to be private.
59     */
60    public boolean isPrivateCache()
61    {
62      return false;
63    }
64  
65    /**
66     * Returns true if the user is authorized for the resource.
67     */
68    public boolean isAuthorized(HttpServletRequest   request,
69                                HttpServletResponse   response,
70                                ServletContext   application)
71      throws ServletException  , IOException  
72    {
73      if (_transport == null)
74        return true;
75      
76      if (request.isSecure())
77        return true;
78  
79      Application app = (Application) application;
80      Host host = (Host) app.getParent();
81      String   secureHost = host.getSecureHostName();
82  
83      if (secureHost != null) {
84        String   url = ("https://" + secureHost + app.getContextPath() +
85              request.getServletPath());
86  
87        if (request.getPathInfo() != null)
88      url += request.getPathInfo();
89        if (request.getQueryString() != null)
90      url += "?" + request.getQueryString();
91  
92        response.sendRedirect(url);
93        return false;
94      }
95      
96      String   url = request.getRequestURL().toString();
97  
98      if (url.startsWith("http:")) {
99        url = "https:" + url.substring(5);
100       String   queryString = request.getQueryString();
101       if (queryString != null)
102         response.sendRedirect(url + "?" + queryString);
103       else
104         response.sendRedirect(url);
105       return false;
106     }
107     
108     response.sendError(HttpServletResponse.SC_FORBIDDEN, null);
109 
110     return false;
111   }
112 }
113
A to Z: JavaDoc & Examples Daily Java News & Articles Open Source Projects Open Source Codes Free Computer Books Remove Frame
Popular Tags