View Javadoc

1   /*
2    * $Id: IsSecureFilter.java 269 2005-08-10 17:49:22Z josem $
3    *
4    * Tarsis
5    * Copyright (C) 2002 Talika Open Source Group
6    *
7    * This program is free software; you can redistribute it and/or modify
8    * it under the terms of the GNU General Public License as published by
9    * the Free Software Foundation; either version 2 of the License, or
10   * (at your option) any later version.
11   *
12   * This program is distributed in the hope that it will be useful,
13   * but WITHOUT ANY WARRANTY; without even the implied warranty of
14   * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
15   * GNU General Public License for more details.
16   *
17   * You should have received a copy of the GNU General Public License
18   * along with this program; if not, write to the Free Software
19   * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
20   *
21   */
22  
23  package org.talika.tarsis.filters.security;
24  
25  import java.io.IOException;
26  
27  import javax.servlet.FilterChain;
28  import javax.servlet.ServletException;
29  import javax.servlet.ServletRequest;
30  import javax.servlet.ServletResponse;
31  
32  import org.talika.tarsis.command.Command;
33  import org.talika.tarsis.filters.CommandFilter;
34  import org.talika.tarsis.security.ForbiddenAccessException;
35  
36  /**
37   * Secure filter checks if command is secure and then if command is accessed throught
38   * HTTPS protocol.
39   *
40   * @author  Jose M. Palomar
41   * @version $Revision: 269 $
42   */
43  public final class IsSecureFilter extends CommandFilter {
44  
45      // Constants
46  
47      // Fields
48  
49      // Methods
50      /**
51       * Checks if command is accessed throught HTTPS protocol and if not throws
52       * a <code>ForbiddenAccessException</code>.
53       *
54       * @param request ServletRequest the <code>ServletRequest</code> object
55       * that contains the client's request.
56       * @param response ServletResponse the <code>ServletResponse</code> object
57       * that contains the servlet's response.
58       * @param chain FilterChain invocation chain of filtered request.
59       * @throws IOException if an input or output exception occurs
60       * @throws ServletException if an exception has occurred that interferes with the
61       * filter's normal operation
62       * @see javax.servlet.Filter#doFilter(ServletRequest, ServletResponse, FilterChain)
63       */
64      public void doFilter(ServletRequest request, ServletResponse response,
65      FilterChain chain)
66      throws IOException, ServletException {
67  
68          if (getLogger().isDebugEnabled()) {
69              getLogger().logDebug(getFilterConfig().getFilterName() + ": invoked");
70          }
71  
72          try {
73              // Obtengo el comando si existe
74              Command cmd = findCommand(request);
75  
76              // Debe ser seguro?
77              if ((cmd != null) && cmd.isSecure()) {
78  
79                  if (!request.isSecure()) {
80                      throw new ForbiddenAccessException();
81                  }
82  
83              }
84  
85          }
86          catch (Throwable t) {
87              throw new ServletException(t);
88          }
89  
90          chain.doFilter(request, response);
91  
92      }
93  
94  }