Spring Security Framework

org.springframework.security.securechannel
Class InsecureChannelProcessor

java.lang.Object
  extended by org.springframework.security.securechannel.InsecureChannelProcessor
All Implemented Interfaces:
InitializingBean, ChannelProcessor

public class InsecureChannelProcessor
extends Object
implements InitializingBean, ChannelProcessor

Ensures channel security is inactive by review of HttpServletRequest.isSecure() responses.

The class responds to one case-sensitive keyword, getInsecureKeyword(). If this keyword is detected, HttpServletRequest.isSecure() is used to determine the channel security offered. If channel security is present, the configured ChannelEntryPoint is called. By default the entry point is RetryWithHttpEntryPoint.

The default insecureKeyword is REQUIRES_INSECURE_CHANNEL.

Version:
$Id$
Author:
Ben Alex

Constructor Summary
InsecureChannelProcessor()
           
 
Method Summary
 void afterPropertiesSet()
           
 void decide(FilterInvocation invocation, ConfigAttributeDefinition config)
          Decided whether the presented FilterInvocation provides the appropriate level of channel security based on the requested ConfigAttributeDefinition.
 ChannelEntryPoint getEntryPoint()
           
 String getInsecureKeyword()
           
 void setEntryPoint(ChannelEntryPoint entryPoint)
           
 void setInsecureKeyword(String secureKeyword)
           
 boolean supports(ConfigAttribute attribute)
          Indicates whether this ChannelProcessor is able to process the passed ConfigAttribute.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

InsecureChannelProcessor

public InsecureChannelProcessor()
Method Detail

afterPropertiesSet

public void afterPropertiesSet()
                        throws Exception
Specified by:
afterPropertiesSet in interface InitializingBean
Throws:
Exception

decide

public void decide(FilterInvocation invocation,
                   ConfigAttributeDefinition config)
            throws IOException,
                   ServletException
Description copied from interface: ChannelProcessor
Decided whether the presented FilterInvocation provides the appropriate level of channel security based on the requested ConfigAttributeDefinition.

Specified by:
decide in interface ChannelProcessor
Parameters:
invocation - DOCUMENT ME!
config - DOCUMENT ME!
Throws:
IOException - DOCUMENT ME!
ServletException - DOCUMENT ME!

getEntryPoint

public ChannelEntryPoint getEntryPoint()

getInsecureKeyword

public String getInsecureKeyword()

setEntryPoint

public void setEntryPoint(ChannelEntryPoint entryPoint)

setInsecureKeyword

public void setInsecureKeyword(String secureKeyword)

supports

public boolean supports(ConfigAttribute attribute)
Description copied from interface: ChannelProcessor
Indicates whether this ChannelProcessor is able to process the passed ConfigAttribute.

This allows the ChannelProcessingFilter to check every configuration attribute can be consumed by the configured ChannelDecisionManager.

Specified by:
supports in interface ChannelProcessor
Parameters:
attribute - a configuration attribute that has been configured against the ChannelProcessingFilter
Returns:
true if this ChannelProcessor can support the passed configuration attribute

Spring Security Framework

Copyright © 2004-2010 SpringSource, Inc. All Rights Reserved.