1 | /* | |
2 | * Licensed to the Apache Software Foundation (ASF) under one | |
3 | * or more contributor license agreements. See the NOTICE file | |
4 | * distributed with this work for additional information | |
5 | * regarding copyright ownership. The ASF licenses this file | |
6 | * to you under the Apache License, Version 2.0 (the | |
7 | * "License"); you may not use this file except in compliance | |
8 | * with the License. You may obtain a copy of the License at | |
9 | * | |
10 | * http://www.apache.org/licenses/LICENSE-2.0 | |
11 | * | |
12 | * Unless required by applicable law or agreed to in writing, | |
13 | * software distributed under the License is distributed on an | |
14 | * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY | |
15 | * KIND, either express or implied. See the License for the | |
16 | * specific language governing permissions and limitations | |
17 | * under the License. | |
18 | */ | |
19 | package org.apache.shiro.web.filter.authz; | |
20 | ||
21 | import javax.servlet.ServletRequest; | |
22 | import javax.servlet.ServletResponse; | |
23 | ||
/**
 * Filter that lets a request through only when it arrives over SSL/TLS. Two conditions must both hold: the
 * request is received on the configured server {@link #setPort(int) port}, <em>and</em>
 * {@code request.}{@link javax.servlet.ServletRequest#isSecure() isSecure()} returns {@code true}. If either
 * condition is {@code false}, the filter chain will not continue.
 * <p>
 * The {@link #getPort() port} property defaults to {@code 443}. The scheme reported by
 * {@link #getScheme(String, int)} is always 'https', except for port 80, which retains the 'http' scheme.
 * <p>
 * Deployment notes:
 * <ul>
 *   <li>{@code isSecure()} is whatever the servlet container reports for the connection it handled. When TLS is
 *   terminated at a reverse proxy or load balancer in front of the container, that value depends on how the
 *   container is configured to interpret forwarded-protocol information. Verify it in the target deployment,
 *   and accept forwarding data only from proxies you operate.</li>
 *   <li>This class decides per request. Nothing in it sets a {@code Strict-Transport-Security} response header,
 *   so it does not stop a client from sending its first request over plain HTTP; configure HSTS at the
 *   container or proxy if that is required.</li>
 * </ul>
 * <p>
 * Example config:
 * <pre>
 * [urls]
 * /secure/path/** = ssl
 * </pre>
 *
 * @since 1.0
 */
public class SslFilter extends PortFilter {

    /** Port assigned by the no-arg constructor. */
    public static final int DEFAULT_HTTPS_PORT = 443;

    /** Scheme returned by {@link #getScheme(String, int)} for every port other than the default HTTP port. */
    public static final String HTTPS_SCHEME = "https";

    /**
     * Creates the filter with its port set to {@link #DEFAULT_HTTPS_PORT}.
     */
    public SslFilter() {
        setPort(DEFAULT_HTTPS_PORT);
    }

    /**
     * Chooses the scheme for the given port: 'http' for the default HTTP port, 'https' for any other port.
     *
     * @param requestScheme the scheme of the incoming request - not consulted by this implementation
     * @param port          the port the scheme is being chosen for
     * @return {@link PortFilter#HTTP_SCHEME} when {@code port} equals {@code DEFAULT_HTTP_PORT},
     *         {@link #HTTPS_SCHEME} otherwise.
     */
    @Override
    protected String getScheme(String requestScheme, int port) {
        // NOTE(review): how the parent uses this value is not visible here - presumably when building
        // the redirect target for requests on the wrong port; confirm against PortFilter.
        return port == DEFAULT_HTTP_PORT ? PortFilter.HTTP_SCHEME : HTTPS_SCHEME;
    }

    /**
     * Keeps the parent's access decision and additionally requires that
     * {@code ServletRequest.}{@link javax.servlet.ServletRequest#isSecure() isSecure()} is {@code true}. If the
     * parent check fails or the request is not secure, access is denied.
     *
     * @param request     the incoming {@code ServletRequest}
     * @param response    the outgoing {@code ServletResponse} - only passed through to the parent check
     * @param mappedValue the filter-specific config value mapped to this filter in the URL rules mappings -
     *                    only passed through to the parent check
     * @return {@code true} if the parent check allows the request and
     *         {@code request.}{@link javax.servlet.ServletRequest#isSecure() isSecure()}, {@code false} otherwise.
     * @throws Exception if the call to {@code super.isAccessAllowed} throws an exception.
     * @since 1.2
     */
    @Override
    protected boolean isAccessAllowed(ServletRequest request, ServletResponse response, Object mappedValue) throws Exception {
        // Parent check runs first; isSecure() is only consulted once the parent has allowed the request.
        if (!super.isAccessAllowed(request, response, mappedValue)) {
            return false;
        }
        // NOTE(review): the coverage listing this source was taken from records zero hits for this method
        // and for getScheme. A unit test with a request that passes the parent check but reports
        // isSecure() == false would pin the deny path.
        return request.isSecure();
    }
}