1 //
2 // ========================================================================
3 // Copyright (c) 1995-2014 Mort Bay Consulting Pty. Ltd.
4 // ------------------------------------------------------------------------
5 // All rights reserved. This program and the accompanying materials
6 // are made available under the terms of the Eclipse Public License v1.0
7 // and Apache License v2.0 which accompanies this distribution.
8 //
9 // The Eclipse Public License is available at
10 // http://www.eclipse.org/legal/epl-v10.html
11 //
12 // The Apache License v2.0 is available at
13 // http://www.opensource.org/licenses/apache2.0.php
14 //
15 // You may elect to redistribute this code under either of these licenses.
16 // ========================================================================
17 //
18
19 package org.eclipse.jetty.server.handler;
20
21 import java.io.IOException;
22
23 import javax.servlet.ServletException;
24 import javax.servlet.http.HttpServletRequest;
25 import javax.servlet.http.HttpServletResponse;
26
27 import org.eclipse.jetty.http.HttpStatus;
28 import org.eclipse.jetty.server.HttpChannel;
29 import org.eclipse.jetty.server.HttpConfiguration;
30 import org.eclipse.jetty.server.Request;
31 import org.eclipse.jetty.util.URIUtil;
32
33 /**
34 * Secured Redirect Handler
35 * <p>
36 * Using information present in the {@link HttpConfiguration}, will attempt to redirect to the {@link HttpConfiguration#getSecureScheme()} and
37 * {@link HttpConfiguration#getSecurePort()} for any request that {@link HttpServletRequest#isSecure()} == false.
38 */
39 public class SecuredRedirectHandler extends AbstractHandler
40 {
41 @Override
42 public void handle(String target, Request baseRequest, HttpServletRequest request, HttpServletResponse response) throws IOException, ServletException
43 {
44 HttpConfiguration httpConfig = HttpChannel.getCurrentHttpChannel().getHttpConfiguration();
45
46 if (baseRequest.isSecure())
47 {
48 return; // all done
49 }
50
51 if (httpConfig.getSecurePort() > 0)
52 {
53 String scheme = httpConfig.getSecureScheme();
54 int port = httpConfig.getSecurePort();
55
56 String url = URIUtil.newURI(scheme,baseRequest.getServerName(),port,baseRequest.getRequestURI(),baseRequest.getQueryString());
57 response.setContentLength(0);
58 response.sendRedirect(url);
59 }
60 else
61 {
62 response.sendError(HttpStatus.FORBIDDEN_403,"Not Secure");
63 }
64 baseRequest.setHandled(true);
65 }
66 }