
1   //
2   //  ========================================================================
3   //  Copyright (c) 1995-2016 Mort Bay Consulting Pty. Ltd.
4   //  ------------------------------------------------------------------------
5   //  All rights reserved. This program and the accompanying materials
6   //  are made available under the terms of the Eclipse Public License v1.0
7   //  and Apache License v2.0 which accompanies this distribution.
8   //
9   //      The Eclipse Public License is available at
10  //      http://www.eclipse.org/legal/epl-v10.html
11  //
12  //      The Apache License v2.0 is available at
13  //      http://www.opensource.org/licenses/apache2.0.php
14  //
15  //  You may elect to redistribute this code under either of these licenses.
16  //  ========================================================================
17  //
18  
19  package org.eclipse.jetty.server.handler;
20  
21  import java.io.IOException;
22  
23  import javax.servlet.ServletException;
24  import javax.servlet.http.HttpServletRequest;
25  import javax.servlet.http.HttpServletResponse;
26  
27  import org.eclipse.jetty.http.HttpStatus;
28  import org.eclipse.jetty.server.HttpChannel;
29  import org.eclipse.jetty.server.HttpConfiguration;
30  import org.eclipse.jetty.server.Request;
31  import org.eclipse.jetty.util.URIUtil;
32  
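/**
 * Secured Redirect Handler
 * <p>
 * Using information present in the {@link HttpConfiguration}, will attempt to redirect to the
 * {@link HttpConfiguration#getSecureScheme()} and {@link HttpConfiguration#getSecurePort()} for any
 * request that {@link HttpServletRequest#isSecure()} == false.
 * <p>
 * Requests that are already secure, or that carry no {@link HttpChannel}, are passed through untouched.
 * Every other request is marked as handled by this handler and is answered with either a redirect to the
 * secure scheme/port or a {@code 403 Forbidden}, so it is not offered to later handlers as unhandled.
 * <p>
 * The redirect is only sent after the insecure request has been received, so whatever the client put in
 * that request (cookies, query string) has already been transmitted in the clear. This handler sets no
 * {@code Strict-Transport-Security} header; add that elsewhere if clients should stop using the insecure
 * connector.
 */
public class SecuredRedirectHandler extends AbstractHandler
{
    /**
     * Redirects an insecure request to the configured secure scheme and port, or rejects it.
     *
     * @param target the target of the request (not used by this handler)
     * @param baseRequest the Jetty request, used for the secure flag, channel, server name, URI and query
     * @param request the servlet request (not used by this handler)
     * @param response the response on which the redirect or the 403 error is sent
     * @throws IOException if sending the redirect or the error fails
     * @throws ServletException declared by the handler contract; not thrown directly here
     */
    @Override
    public void handle(String target, Request baseRequest, HttpServletRequest request, HttpServletResponse response) throws IOException, ServletException
    {
        HttpChannel channel = baseRequest.getHttpChannel();
        if (baseRequest.isSecure() || (channel == null))
        {
            // nothing to do
            // NOTE(review): a request without a channel is also passed through, i.e. this branch
            // fails open for that case - confirm that is intended for the deployment.
            return;
        }

        // From here on the request is insecure and this handler owns the response. Mark it handled
        // before any early return, so the "no configuration" branch below does not leave an insecure
        // request unhandled for handlers that run after this one.
        baseRequest.setHandled(true);

        HttpConfiguration httpConfig = channel.getHttpConfiguration();
        if (httpConfig == null)
        {
            // no config, show error
            response.sendError(HttpStatus.FORBIDDEN_403,"No http configuration available");
            return;
        }

        int port = httpConfig.getSecurePort();
        if (port > 0)
        {
            String scheme = httpConfig.getSecureScheme();

            // NOTE(review): the redirect host is taken from baseRequest.getServerName(), which for
            // HTTP/1.1 normally reflects the Host header sent by the client. If the Location must
            // only ever name a known host, validate or pin the host before this handler runs.
            String url = URIUtil.newURI(scheme,baseRequest.getServerName(),port,baseRequest.getRequestURI(),baseRequest.getQueryString());
            response.setContentLength(0);
            response.sendRedirect(url);
        }
        else
        {
            // no secure port configured: refuse rather than serve over the insecure connector
            response.sendError(HttpStatus.FORBIDDEN_403,"Not Secure");
        }
    }
}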