Java tutorial
/* * @(#)SpringSecureChannelProcessor.java, 2015-2-26. * * Copyright 2015 Yodao, Inc. All rights reserved. * YODAO PROPRIETARY/CONFIDENTIAL. Use is subject to license terms. */ package nanshen.service.impl; import org.apache.commons.lang.StringUtils; import org.springframework.security.access.ConfigAttribute; import org.springframework.security.web.FilterInvocation; import org.springframework.security.web.access.channel.SecureChannelProcessor; import org.springframework.stereotype.Service; import org.springframework.util.Assert; import javax.servlet.ServletException; import javax.servlet.http.HttpServletRequest; import java.io.IOException; import java.util.Collection; /** * ??SSL termination proxy?? * <pre> * https http * Web browser -------------> Nginx -------------> Application server * </pre> * ?httpSpringSecurity? * <pre> * https * Web browser -------------> Application server * </pre> * SpringSecurity?SpringSecurityhttps * Nginx??httpsHttpHeaderHTTPS?on? * ??SpringSecurityhttps * * @author WANG Minghao */ @Service public class SpringSecureChannelProcessor extends SecureChannelProcessor { @Override public void decide(FilterInvocation invocation, Collection<ConfigAttribute> config) throws IOException, ServletException { Assert.isTrue((invocation != null) && (config != null), "Nulls cannot be provided"); for (ConfigAttribute attribute : config) { if (supports(attribute)) { HttpServletRequest httpRequest = invocation.getHttpRequest(); if (!httpRequest.isSecure() && StringUtils.isBlank(httpRequest.getHeader("HTTPS"))) { getEntryPoint().commence(invocation.getRequest(), invocation.getResponse()); } } } } }