| Line | Hits | Source |
|---|---|---|
| 1 | /* | |
| 2 | Chrysalis Web Framework [http://chrysalis.sourceforge.net] | |
| 3 | Copyright (c) 2002, 2003, 2004, Paul Strack | |
| 4 | ||
| 5 | All rights reserved. | |
| 6 | ||
| 7 | Redistribution and use in source and binary forms, with or without | |
| 8 | modification, are permitted provided that the following conditions are met: | |
| 9 | ||
| 10 | 1. Redistributions of source code must retain the above copyright notice, this | |
| 11 | list of conditions and the following disclaimer. | |
| 12 | ||
| 13 | 2. Redistributions in binary form must reproduce the above copyright notice, | |
| 14 | this list of conditions and the following disclaimer in the documentation | |
| 15 | and/or other materials provided with the distribution. | |
| 16 | ||
| 17 | 3. Neither the name of the copyright holder nor the names of its contributors | |
| 18 | may be used to endorse or promote products derived from this software without | |
| 19 | specific prior written permission. | |
| 20 | ||
| 21 | THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND | |
| 22 | ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED | |
| 23 | WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE | |
| 24 | DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR | |
| 25 | ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES | |
| 26 | (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; | |
| 27 | LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON | |
| 28 | ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT | |
| 29 | (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS | |
| 30 | SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | |
| 31 | */ | |
| 32 | ||
| 33 | package org.chwf.servlet.view; | |
| 34 | ||
| 35 | import java.io.IOException; | |
| 36 | ||
| 37 | import javax.servlet.FilterChain; | |
| 38 | import javax.servlet.ServletException; | |
| 39 | import javax.servlet.http.HttpServletRequest; | |
| 40 | import javax.servlet.http.HttpServletResponse; | |
| 41 | ||
| 42 | import org.chwf.servlet.ServletUtils; | |
| 43 | import org.chwf.servlet.filter.FilterSupport; | |
| 44 | ||
| 45 | /** | |
| 46 | * <p>A filter managing the switch to/from SSL.</p> | |
| 47 | * | |
| 48 | * @author <a href="mailto:pfstrack@users.sourceforge.net">Paul Strack</a> | |
| 49 | */ | |
| 50 | 11 | public class EncryptionFilter extends FilterSupport { |
| 51 | ||
| 52 | /** | |
| 53 | * Check request encryption level vs. the page's configured encryption level, | |
| 54 | * and redirect if necessary. | |
| 55 | * | |
| 56 | * @param request The request. | |
| 57 | * @param response The response. | |
| 58 | * @param chain The filter chain. | |
| 59 | * @throws ServletException For servlet exceptions. | |
| 60 | * @throws IOException For IO exceptions. | |
| 61 | */ | |
| 62 | public void doHttpFilter( | |
| 63 | HttpServletRequest request, | |
| 64 | HttpServletResponse response, | |
| 65 | FilterChain chain) | |
| 66 | throws IOException, ServletException { | |
| 67 | ||
| 68 | 7 | PageConfig config = PageConfig.getPageConfig(request); |
| 69 | 7 | String requirement = config.getSecurityEncryption(); |
| 70 | 7 | boolean isEncrypted = request.isSecure(); |
| 71 | 7 | if (!isEncrypted && PageConfig.ENCRYPTION_ALWAYS.equals(requirement)) { |
| 72 | 1 | redirect(response, "https" + deriveSchemeFreeURL(request)); |
| 73 | 6 | } else if (isEncrypted && PageConfig.ENCRYPTION_NEVER.equals(requirement)) { |
| 74 | 1 | redirect(response, "http" + deriveSchemeFreeURL(request)); |
| 75 | } else { | |
| 76 | 5 | chain.doFilter(request, response); |
| 77 | } | |
| 78 | 7 | } |
| 79 | ||
| 80 | /** | |
| 81 | * Derive schema-free URL. | |
| 82 | * | |
| 83 | * @param request The request. | |
| 84 | * @return The URL. | |
| 85 | */ | |
| 86 | private static String deriveSchemeFreeURL(HttpServletRequest request) { | |
| 87 | 2 | StringBuffer url = ServletUtils.getURLWithQueryString(request); |
| 88 | 2 | return url.substring(request.getScheme().length()); |
| 89 | } | |
| 90 | ||
| 91 | /** | |
| 92 | * Encode and redirect. | |
| 93 | * | |
| 94 | * @param response The response. | |
| 95 | * @param url The redirect url. | |
| 96 | * @throws IOException For I/O errors. | |
| 97 | */ | |
| 98 | private static void redirect(HttpServletResponse response, String url) | |
| 99 | throws IOException { | |
| 100 | 2 | response.sendRedirect(response.encodeRedirectURL(url)); |
| 101 | 2 | } |
| 102 | } |
|
this report was generated by version 1.0.5 of jcoverage. |
copyright © 2003, jcoverage ltd. all rights reserved. |