1 /*
2  * JBoss, Home of Professional Open Source.
3  * Copyright 2014 Red Hat, Inc., and individual contributors
4  * as indicated by the @author tags.
5  *
6  * Licensed under the Apache License, Version 2.0 (the "License");
7  * you may not use this file except in compliance with the License.
8  * You may obtain a copy of the License at
9  *
10  *     http://www.apache.org/licenses/LICENSE-2.0
11  *
12  *  Unless required by applicable law or agreed to in writing, software
13  *  distributed under the License is distributed on an "AS IS" BASIS,
14  *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
15  *  See the License for the specific language governing permissions and
16  *  limitations under the License.
17  */
18 package io.undertow.servlet.handlers.security;
19
20 import static io.undertow.servlet.UndertowServletMessages.MESSAGES;
21
22 import io.undertow.security.handlers.SinglePortConfidentialityHandler;
23 import io.undertow.server.HttpHandler;
24 import io.undertow.server.HttpServerExchange;
25 import io.undertow.servlet.api.AuthorizationManager;
26 import io.undertow.servlet.api.ConfidentialPortManager;
27 import io.undertow.servlet.api.TransportGuaranteeType;
28 import io.undertow.servlet.handlers.ServletRequestContext;
29 import io.undertow.util.StatusCodes;
30
31 import javax.servlet.http.HttpServletResponse;
32 import java.net.URI;
33 import java.net.URISyntaxException;
34
35 /**
36  * Servlet specific extension to {@link SinglePortConfidentialityHandler}
37  *
38  * @author <a href="mailto:darran.lofthouse@jboss.com">Darran Lofthouse</a>
39  */
40 public class ServletConfidentialityConstraintHandler extends SinglePortConfidentialityHandler {
41
42     private final ConfidentialPortManager portManager;
43
44     public ServletConfidentialityConstraintHandler(final ConfidentialPortManager portManager, final HttpHandler next) {
45         super(next, -1);
46         this.portManager = portManager;
47     }
48
49     @Override
50     public void handleRequest(HttpServerExchange exchange) throws Exception {
51         final ServletRequestContext servletRequestContext = exchange.getAttachment(ServletRequestContext.ATTACHMENT_KEY);
52         final AuthorizationManager authorizationManager = servletRequestContext.getDeployment().getDeploymentInfo().getAuthorizationManager();
53
54         TransportGuaranteeType connectionGuarantee = servletRequestContext.getOriginalRequest().isSecure() ? TransportGuaranteeType.CONFIDENTIAL : TransportGuaranteeType.NONE;
55         TransportGuaranteeType transportGuarantee = authorizationManager.transportGuarantee(connectionGuarantee,
56                 servletRequestContext.getTransportGuarenteeType(), servletRequestContext.getOriginalRequest());
57         servletRequestContext.setTransportGuarenteeType(transportGuarantee);
58
59         if (TransportGuaranteeType.REJECTED == transportGuarantee) {
60             HttpServletResponse response = (HttpServletResponse) servletRequestContext.getServletResponse();
61             response.sendError(StatusCodes.FORBIDDEN);
62             return;
63         }
64         super.handleRequest(exchange);
65     }
66
67     @Override
68     protected boolean confidentialityRequired(HttpServerExchange exchange) {
69         TransportGuaranteeType transportGuarantee = exchange.getAttachment(ServletRequestContext.ATTACHMENT_KEY).getTransportGuarenteeType();
70
71         // TODO - We may be able to add more flexibility here especially with authentication mechanisms such as Digest for
72         // INTEGRAL - for now just use SSL.
73         return (TransportGuaranteeType.CONFIDENTIAL == transportGuarantee || TransportGuaranteeType.INTEGRAL == transportGuarantee);
74     }
75
76     @Override
77     protected URI getRedirectURI(HttpServerExchange exchange) throws URISyntaxException {
78         int port = portManager.getConfidentialPort(exchange);
79         if (port < 0) {
80             throw MESSAGES.noConfidentialPortAvailable();
81         }
82
83         return super.getRedirectURI(exchange, port);
84     }
85
86     /**
87      * Use the HttpServerExchange supplied to check if this request is already 'sufficiently' confidential.
88      *
89      * Here we say 'sufficiently' as sub-classes can override this and maybe even go so far as querying the actual SSLSession.
90      *
91      * @param exchange - The {@link HttpServerExchange} for the request being processed.
92      * @return true if the request is 'sufficiently' confidential, false otherwise.
93      */
94     protected boolean isConfidential(final HttpServerExchange exchange) {
95         ServletRequestContext src = exchange.getAttachment(ServletRequestContext.ATTACHMENT_KEY);
96         if(src != null) {
97             return src.getOriginalRequest().isSecure();
98         }
99         return super.isConfidential(exchange);
100     }
101 }
102