io.undertow.security.handlers

Class AbstractConfidentialityHandler

java.lang.Object

io.undertow.security.handlers.AbstractConfidentialityHandler

All Implemented Interfaces:

HttpHandler

Direct Known Subclasses:

SinglePortConfidentialityHandler

public abstract class AbstractConfidentialityHandler
extends Object
implements HttpHandler

Handler responsible for checking of confidentiality is required for the requested resource and if so rejecting the request and redirecting to a secure address.

Author:

Darran Lofthouse

Constructor Summary

Constructors

Modifier	Constructor and Description
protected	AbstractConfidentialityHandler(HttpHandler next)

Method Summary

Modifier and Type	Method and Description
protected boolean	confidentialityRequired(HttpServerExchange exchange) Use the HttpServerExchange to identify if confidentiality is required.
protected abstract URI	getRedirectURI(HttpServerExchange exchange) All sub-classes are required to provide an implementation of this method, using the HttpServerExchange for the current request return the address to use for a redirect should confidentiality be required and the request not be confidential.
void	handleRequest(HttpServerExchange exchange) Handle the request.
protected boolean	isConfidential(HttpServerExchange exchange) Use the HttpServerExchange supplied to check if this request is already 'sufficiently' confidential.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

AbstractConfidentialityHandler

protected AbstractConfidentialityHandler(HttpHandler next)

Method Detail

handleRequest

public void handleRequest(HttpServerExchange exchange)
                   throws Exception

Description copied from interface: HttpHandler

Handle the request.

Specified by:

handleRequest in interface HttpHandler

Parameters:

exchange - the HTTP request/response exchange

Throws:

Exception

isConfidential

protected boolean isConfidential(HttpServerExchange exchange)

Use the HttpServerExchange supplied to check if this request is already 'sufficiently' confidential. Here we say 'sufficiently' as sub-classes can override this and maybe even go so far as querying the actual SSLSession.

Parameters:

exchange - - The HttpServerExchange for the request being processed.

Returns:

true if the request is 'sufficiently' confidential, false otherwise.

confidentialityRequired

protected boolean confidentialityRequired(HttpServerExchange exchange)

Use the HttpServerExchange to identify if confidentiality is required. This method currently returns true for all requests, sub-classes can override this to provide a custom check. TODO: we should deprecate this and just use a predicate to decide to execute the handler instead

Parameters:

exchange - - The HttpServerExchange for the request being processed.

Returns:

true if the request requires confidentiality, false otherwise.

getRedirectURI

protected abstract URI getRedirectURI(HttpServerExchange exchange)
                               throws URISyntaxException

All sub-classes are required to provide an implementation of this method, using the HttpServerExchange for the current request return the address to use for a redirect should confidentiality be required and the request not be confidential.

Parameters:

exchange - - The HttpServerExchange for the request being processed.

Returns:

The URI to redirect to.

Throws:

URISyntaxException