23 package org.talika.tarsis.filters.security;
24
25 import java.io.IOException;
26
27 import javax.servlet.FilterChain;
28 import javax.servlet.ServletException;
29 import javax.servlet.ServletRequest;
30 import javax.servlet.ServletResponse;
31
32 import org.talika.tarsis.command.Command;
33 import org.talika.tarsis.filters.CommandFilter;
34 import org.talika.tarsis.security.ForbiddenAccessException;
35
/**
 * Filter that enforces HTTPS for commands flagged as secure.
 *
 * <p>The command for the request is resolved with <code>findCommand</code>; when that
 * command reports <code>isSecure()</code>, the request itself must also report
 * <code>isSecure()</code> or the request is rejected.</p>
 *
 * <p>Security notes:</p>
 * <ul>
 * <li>The check is skipped when no command is found (<code>findCommand</code> returns
 * <code>null</code>): such a request continues down the chain without any HTTPS
 * requirement, so something later in the chain has to reject unknown commands.</li>
 * <li><code>ServletRequest.isSecure()</code> reports the container's view of the
 * connection. Behind a TLS-terminating proxy or load balancer the container has to be
 * configured so that this value reflects the scheme the client actually used.</li>
 * <li>The rejection happens after the request has already arrived over plain HTTP, so it
 * protects the response only, not anything the client has already sent.</li>
 * </ul>
 *
 * @author Jose M. Palomar
 * @version $Revision: 269 $
 */
public final class IsSecureFilter extends CommandFilter {

    /**
     * Rejects a request for a secure command that did not arrive through HTTPS; every
     * other request is handed to the next element of the chain.
     *
     * <p>The <code>ForbiddenAccessException</code> raised for a rejected request does not
     * reach the caller directly: it is thrown inside the <code>try</code> block and is
     * therefore delivered as the cause of a <code>ServletException</code>.</p>
     *
     * @param request ServletRequest the <code>ServletRequest</code> object
     * that contains the client's request.
     * @param response ServletResponse the <code>ServletResponse</code> object
     * that contains the servlet's response.
     * @param chain FilterChain invocation chain of filtered request.
     * @throws IOException if an input or output exception occurs
     * @throws ServletException if the command lookup or the HTTPS check fails; the
     * original failure (including <code>ForbiddenAccessException</code>) is the cause
     * @see javax.servlet.Filter#doFilter(ServletRequest, ServletResponse, FilterChain)
     */
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
            throws IOException, ServletException {

        if (getLogger().isDebugEnabled()) {
            getLogger().logDebug(getFilterConfig().getFilterName() + ": invoked");
        }

        try {
            final Command command = findCommand(request);

            // A missing command is treated as "no HTTPS requirement" (see class notes).
            final boolean httpsRequired = (command != null) && command.isSecure();

            if (httpsRequired && !request.isSecure()) {
                throw new ForbiddenAccessException();
            }
        } catch (Throwable failure) {
            // NOTE(review): Throwable also covers Error subclasses, which end up wrapped
            // in ServletException just like the access rejection above.
            throw new ServletException(failure);
        }

        // Only reached when the check passed or did not apply.
        chain.doFilter(request, response);
    }

}