Example 1 with TransportGuaranteeType
use of io.undertow.servlet.api.TransportGuaranteeType in project undertow by undertow-io.
the class ServletSecurityConstraintHandler method handleRequest.
@Override
public void handleRequest(final HttpServerExchange exchange) throws Exception {
final String path = exchange.getRelativePath();
SecurityPathMatch securityMatch = securityPathMatches.getSecurityInfo(path, exchange.getRequestMethod().toString());
final ServletRequestContext servletRequestContext = exchange.getAttachment(ServletRequestContext.ATTACHMENT_KEY);
List<SingleConstraintMatch> list = servletRequestContext.getRequiredConstrains();
if (list == null) {
servletRequestContext.setRequiredConstrains(list = new ArrayList<>());
}
list.add(securityMatch.getMergedConstraint());
TransportGuaranteeType type = servletRequestContext.getTransportGuarenteeType();
if (type == null || type.ordinal() < securityMatch.getTransportGuaranteeType().ordinal()) {
servletRequestContext.setTransportGuarenteeType(securityMatch.getTransportGuaranteeType());
}
UndertowLogger.SECURITY_LOGGER.debugf("Security constraints for request %s are %s", exchange.getRequestURI(), list);
next.handleRequest(exchange);
}
Also used :
SingleConstraintMatch(io.undertow.servlet.api.SingleConstraintMatch)
TransportGuaranteeType(io.undertow.servlet.api.TransportGuaranteeType)
ArrayList(java.util.ArrayList)
ServletRequestContext(io.undertow.servlet.handlers.ServletRequestContext)
Example 2 with TransportGuaranteeType
use of io.undertow.servlet.api.TransportGuaranteeType in project undertow by undertow-io.
the class ServletConfidentialityConstraintHandler method handleRequest.
@Override
public void handleRequest(HttpServerExchange exchange) throws Exception {
final ServletRequestContext servletRequestContext = exchange.getAttachment(ServletRequestContext.ATTACHMENT_KEY);
final AuthorizationManager authorizationManager = servletRequestContext.getDeployment().getDeploymentInfo().getAuthorizationManager();
TransportGuaranteeType connectionGuarantee = servletRequestContext.getOriginalRequest().isSecure() ? TransportGuaranteeType.CONFIDENTIAL : TransportGuaranteeType.NONE;
TransportGuaranteeType transportGuarantee = authorizationManager.transportGuarantee(connectionGuarantee, servletRequestContext.getTransportGuarenteeType(), servletRequestContext.getOriginalRequest());
servletRequestContext.setTransportGuarenteeType(transportGuarantee);
if (TransportGuaranteeType.REJECTED == transportGuarantee) {
HttpServletResponse response = (HttpServletResponse) servletRequestContext.getServletResponse();
response.sendError(StatusCodes.FORBIDDEN);
return;
}
super.handleRequest(exchange);
}
Also used :
TransportGuaranteeType(io.undertow.servlet.api.TransportGuaranteeType)
ServletRequestContext(io.undertow.servlet.handlers.ServletRequestContext)
HttpServletResponse(javax.servlet.http.HttpServletResponse)
AuthorizationManager(io.undertow.servlet.api.AuthorizationManager)
Aggregations
TransportGuaranteeType (io.undertow.servlet.api.TransportGuaranteeType)2
ServletRequestContext (io.undertow.servlet.handlers.ServletRequestContext)2
AuthorizationManager (io.undertow.servlet.api.AuthorizationManager)1
SingleConstraintMatch (io.undertow.servlet.api.SingleConstraintMatch)1
ArrayList (java.util.ArrayList)1
HttpServletResponse (javax.servlet.http.HttpServletResponse)1
