Example 1 with TransportGuaranteeType

Use of io.undertow.servlet.api.TransportGuaranteeType in the undertow project by undertow-io.

Class ServletSecurityConstraintHandler, method handleRequest.

@Override
public void handleRequest(final HttpServerExchange exchange) throws Exception {
    final String path = exchange.getRelativePath();
    // Look up the security constraints configured for this path and HTTP method.
    SecurityPathMatch securityMatch = securityPathMatches.getSecurityInfo(path, exchange.getRequestMethod().toString());
    final ServletRequestContext servletRequestContext = exchange.getAttachment(ServletRequestContext.ATTACHMENT_KEY);
    List<SingleConstraintMatch> list = servletRequestContext.getRequiredConstrains();
    if (list == null) {
        servletRequestContext.setRequiredConstrains(list = new ArrayList<>());
    }
    // Record the merged constraint for this match on the request context.
    list.add(securityMatch.getMergedConstraint());
    // Keep the stricter transport guarantee: the stored value is replaced only
    // when the matched guarantee has a higher enum ordinal (or none is set yet).
    TransportGuaranteeType type = servletRequestContext.getTransportGuarenteeType();
    if (type == null || type.ordinal() < securityMatch.getTransportGuaranteeType().ordinal()) {
        servletRequestContext.setTransportGuarenteeType(securityMatch.getTransportGuaranteeType());
    }
    UndertowLogger.SECURITY_LOGGER.debugf("Security constraints for request %s are %s", exchange.getRequestURI(), list);
    next.handleRequest(exchange);
}
Also used : SingleConstraintMatch(io.undertow.servlet.api.SingleConstraintMatch) TransportGuaranteeType(io.undertow.servlet.api.TransportGuaranteeType) ArrayList(java.util.ArrayList) ServletRequestContext(io.undertow.servlet.handlers.ServletRequestContext)

Example 2 with TransportGuaranteeType

Use of io.undertow.servlet.api.TransportGuaranteeType in the undertow project by undertow-io.

Class ServletConfidentialityConstraintHandler, method handleRequest.

@Override
public void handleRequest(HttpServerExchange exchange) throws Exception {
    final ServletRequestContext servletRequestContext = exchange.getAttachment(ServletRequestContext.ATTACHMENT_KEY);
    final AuthorizationManager authorizationManager = servletRequestContext.getDeployment().getDeploymentInfo().getAuthorizationManager();
    // What the connection actually provides: CONFIDENTIAL if the original request is secure, otherwise NONE.
    TransportGuaranteeType connectionGuarantee = servletRequestContext.getOriginalRequest().isSecure() ? TransportGuaranteeType.CONFIDENTIAL : TransportGuaranteeType.NONE;
    // The deployment's AuthorizationManager decides the resulting guarantee from the
    // connection's guarantee and the guarantee recorded on the request context.
    TransportGuaranteeType transportGuarantee = authorizationManager.transportGuarantee(connectionGuarantee, servletRequestContext.getTransportGuarenteeType(), servletRequestContext.getOriginalRequest());
    servletRequestContext.setTransportGuarenteeType(transportGuarantee);
    // REJECTED: answer 403 Forbidden and do not continue down the handler chain.
    if (TransportGuaranteeType.REJECTED == transportGuarantee) {
        HttpServletResponse response = (HttpServletResponse) servletRequestContext.getServletResponse();
        response.sendError(StatusCodes.FORBIDDEN);
        return;
    }
    super.handleRequest(exchange);
}
Also used : TransportGuaranteeType(io.undertow.servlet.api.TransportGuaranteeType) ServletRequestContext(io.undertow.servlet.handlers.ServletRequestContext) HttpServletResponse(javax.servlet.http.HttpServletResponse) AuthorizationManager(io.undertow.servlet.api.AuthorizationManager)

Aggregations

TransportGuaranteeType (io.undertow.servlet.api.TransportGuaranteeType): 2
ServletRequestContext (io.undertow.servlet.handlers.ServletRequestContext): 2
AuthorizationManager (io.undertow.servlet.api.AuthorizationManager): 1
SingleConstraintMatch (io.undertow.servlet.api.SingleConstraintMatch): 1
ArrayList (java.util.ArrayList): 1
HttpServletResponse (javax.servlet.http.HttpServletResponse): 1