View Javadoc

1   //
2   //  ========================================================================
3   //  Copyright (c) 1995-2014 Mort Bay Consulting Pty. Ltd.
4   //  ------------------------------------------------------------------------
5   //  All rights reserved. This program and the accompanying materials
6   //  are made available under the terms of the Eclipse Public License v1.0
7   //  and Apache License v2.0 which accompanies this distribution.
8   //
9   //      The Eclipse Public License is available at
10  //      http://www.eclipse.org/legal/epl-v10.html
11  //
12  //      The Apache License v2.0 is available at
13  //      http://www.opensource.org/licenses/apache2.0.php
14  //
15  //  You may elect to redistribute this code under either of these licenses.
16  //  ========================================================================
17  //
18  
19  package org.eclipse.jetty.server.handler;
20  
21  import java.io.IOException;
22  
23  import javax.servlet.ServletException;
24  import javax.servlet.http.HttpServletRequest;
25  import javax.servlet.http.HttpServletResponse;
26  
27  import org.eclipse.jetty.http.HttpStatus;
28  import org.eclipse.jetty.server.HttpChannel;
29  import org.eclipse.jetty.server.HttpConfiguration;
30  import org.eclipse.jetty.server.Request;
31  import org.eclipse.jetty.util.URIUtil;
32  
33  /**
34   * Secured Redirect Handler
35   * <p>
36   * Using information present in the {@link HttpConfiguration}, will attempt to redirect to the {@link HttpConfiguration#getSecureScheme()} and
37   * {@link HttpConfiguration#getSecurePort()} for any request that {@link HttpServletRequest#isSecure()} == false.
38   */
39  public class SecuredRedirectHandler extends AbstractHandler
40  {
41      @Override
42      public void handle(String target, Request baseRequest, HttpServletRequest request, HttpServletResponse response) throws IOException, ServletException
43      {
44          HttpConfiguration httpConfig = HttpChannel.getCurrentHttpChannel().getHttpConfiguration();
45  
46          if (baseRequest.isSecure())
47          {
48              return; // all done
49          }
50  
51          if (httpConfig.getSecurePort() > 0)
52          {
53              String scheme = httpConfig.getSecureScheme();
54              int port = httpConfig.getSecurePort();
55  
56              String url = URIUtil.newURI(scheme,baseRequest.getServerName(),port,baseRequest.getRequestURI(),baseRequest.getQueryString());
57              response.setContentLength(0);
58              response.sendRedirect(url);
59          }
60          else
61          {
62              response.sendError(HttpStatus.FORBIDDEN_403,"Not Secure");
63          }
64          baseRequest.setHandled(true);
65      }
66  }