nanshen.service.impl.SpringSecureChannelProcessor.java Source code

Java tutorial

Introduction

Here is the source code for nanshen.service.impl.SpringSecureChannelProcessor.java

Source

/*
 * @(#)SpringSecureChannelProcessor.java, 2015-2-26.
 *
 * Copyright 2015 Yodao, Inc. All rights reserved.
 * YODAO PROPRIETARY/CONFIDENTIAL. Use is subject to license terms.
 */
package nanshen.service.impl;

import org.apache.commons.lang.StringUtils;
import org.springframework.security.access.ConfigAttribute;
import org.springframework.security.web.FilterInvocation;
import org.springframework.security.web.access.channel.SecureChannelProcessor;
import org.springframework.stereotype.Service;
import org.springframework.util.Assert;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import java.io.IOException;
import java.util.Collection;

/**
 * ??SSL termination proxy??
 * <pre>
 *                 https                 http
 * Web browser -------------> Nginx -------------> Application server
 * </pre>
 * ?httpSpringSecurity?
 * <pre>
 *                 https
 * Web browser -------------> Application server
 * </pre>
 * SpringSecurity?SpringSecurityhttps
 * Nginx??httpsHttpHeaderHTTPS?on?
 * ??SpringSecurityhttps
 *
 * @author WANG Minghao
 */
@Service
public class SpringSecureChannelProcessor extends SecureChannelProcessor {

    @Override
    public void decide(FilterInvocation invocation, Collection<ConfigAttribute> config)
            throws IOException, ServletException {
        Assert.isTrue((invocation != null) && (config != null), "Nulls cannot be provided");

        for (ConfigAttribute attribute : config) {
            if (supports(attribute)) {
                HttpServletRequest httpRequest = invocation.getHttpRequest();
                if (!httpRequest.isSecure() && StringUtils.isBlank(httpRequest.getHeader("HTTPS"))) {
                    getEntryPoint().commence(invocation.getRequest(), invocation.getResponse());
                }
            }
        }
    }

}