Class SecureChannelProcessor

All Implemented Interfaces:
org.springframework.beans.factory.InitializingBean, ChannelProcessor

public class SecureChannelProcessor extends Object implements org.springframework.beans.factory.InitializingBean, ChannelProcessor
Ensures channel security is active by review of HttpServletRequest.isSecure() responses.

The class responds to one case-sensitive keyword, getSecureKeyword(). If this keyword is detected, HttpServletRequest.isSecure() is used to determine the channel security offered. If channel security is not present, the configured ChannelEntryPoint is called. By default the entry point is RetryWithHttpsEntryPoint.

The default secureKeyword is REQUIRES_SECURE_CHANNEL.

  • Constructor Details

    • SecureChannelProcessor

      public SecureChannelProcessor()
  • Method Details

    • afterPropertiesSet

      public void afterPropertiesSet()
      Specified by:
      afterPropertiesSet in interface org.springframework.beans.factory.InitializingBean
    • decide

      public void decide(FilterInvocation invocation, Collection<ConfigAttribute> config) throws IOException, jakarta.servlet.ServletException
      Description copied from interface: ChannelProcessor
      Decided whether the presented FilterInvocation provides the appropriate level of channel security based on the requested list of ConfigAttributes.
      Specified by:
      decide in interface ChannelProcessor
    • getEntryPoint

      public ChannelEntryPoint getEntryPoint()
    • getSecureKeyword

      public String getSecureKeyword()
    • setEntryPoint

      public void setEntryPoint(ChannelEntryPoint entryPoint)
    • setSecureKeyword

      public void setSecureKeyword(String secureKeyword)
    • supports

      public boolean supports(ConfigAttribute attribute)
      Description copied from interface: ChannelProcessor
      Indicates whether this ChannelProcessor is able to process the passed ConfigAttribute.

      This allows the ChannelProcessingFilter to check every configuration attribute can be consumed by the configured ChannelDecisionManager.

      Specified by:
      supports in interface ChannelProcessor
      attribute - a configuration attribute that has been configured against the ChannelProcessingFilter.
      true if this ChannelProcessor can support the passed configuration attribute