Class AbstractConfidentialityHandler

java.lang.Object
io.undertow.security.handlers.AbstractConfidentialityHandler
All Implemented Interfaces:
HttpHandler
Direct Known Subclasses:
SinglePortConfidentialityHandler

public abstract class AbstractConfidentialityHandler extends Object implements HttpHandler
Handler responsible for checking of confidentiality is required for the requested resource and if so rejecting the request and redirecting to a secure address.
Author:
Darran Lofthouse
  • Constructor Details

    • AbstractConfidentialityHandler

      protected AbstractConfidentialityHandler(HttpHandler next)
  • Method Details

    • handleRequest

      public void handleRequest(HttpServerExchange exchange) throws Exception
      Description copied from interface: HttpHandler
      Handle the request.
      Specified by:
      handleRequest in interface HttpHandler
      Parameters:
      exchange - the HTTP request/response exchange
      Throws:
      Exception
    • isConfidential

      protected boolean isConfidential(HttpServerExchange exchange)
      Use the HttpServerExchange supplied to check if this request is already 'sufficiently' confidential. Here we say 'sufficiently' as sub-classes can override this and maybe even go so far as querying the actual SSLSession.
      Parameters:
      exchange - - The HttpServerExchange for the request being processed.
      Returns:
      true if the request is 'sufficiently' confidential, false otherwise.
    • confidentialityRequired

      protected boolean confidentialityRequired(HttpServerExchange exchange)
      Use the HttpServerExchange to identify if confidentiality is required. This method currently returns true for all requests, sub-classes can override this to provide a custom check. TODO: we should deprecate this and just use a predicate to decide to execute the handler instead
      Parameters:
      exchange - - The HttpServerExchange for the request being processed.
      Returns:
      true if the request requires confidentiality, false otherwise.
    • getRedirectURI

      protected abstract URI getRedirectURI(HttpServerExchange exchange) throws URISyntaxException
      All sub-classes are required to provide an implementation of this method, using the HttpServerExchange for the current request return the address to use for a redirect should confidentiality be required and the request not be confidential.
      Parameters:
      exchange - - The HttpServerExchange for the request being processed.
      Returns:
      The URI to redirect to.
      Throws:
      URISyntaxException