Package org.broadleafcommerce.common.security.channel

Class ProtoChannelBeanPostProcessor

java.lang.Object
org.broadleafcommerce.common.security.channel.ProtoChannelBeanPostProcessor
All Implemented Interfaces:
org.springframework.beans.factory.config.BeanPostProcessor, org.springframework.core.Ordered
public class ProtoChannelBeanPostProcessor extends Object implements org.springframework.beans.factory.config.BeanPostProcessor, org.springframework.core.Ordered

This class is designed to work in both a load-balanced and non load-balanced environment by replacing the existing default Spring channel processors which do not work in a load balanced environment. Configuration should be done as follows in your applicationContext-security:

Deploying to a load balanced environment with SSL termination at the load balancer as well as an environment with SSL termination at Tomcat/Apache: 
 
   <bean class="org.broadleafcommerce.common.security.channel.ProtoChannelBeanPostProcessor">
       <property name="channelProcessorOverrides">
           <list>
              <bean class="org.broadleafcommerce.common.security.channel.ProtoInsecureChannelProcessor" />
              <bean class="org.broadleafcommerce.common.security.channel.ProtoSecureChannelProcessor" />
          </list>
      </property>
  </bean>

That said, this solution only overrides the Spring Security directives but does not make any attempts to override any invocations to ServletRequest.isSecure(). If your application server supports it, we recommend instead using that approach which will encapsulate any functionality encapsulated within the Proto processors. For more information on configuring your specific servlet container, see this issue report

Author:
Jeff Fischer, Phillip Verheyden (phillipuniverse)

  • Field Details

    • channelProcessorOverrides

      protected List<org.springframework.security.web.access.channel.ChannelProcessor> channelProcessorOverrides

  • Constructor Details

    • ProtoChannelBeanPostProcessor

      public ProtoChannelBeanPostProcessor()

  • Method Details

    • postProcessAfterInitialization

      public Object postProcessAfterInitialization(Object bean, String beanName) throws org.springframework.beans.BeansException
      Specified by:
      postProcessAfterInitialization in interface org.springframework.beans.factory.config.BeanPostProcessor
      Throws:
      org.springframework.beans.BeansException

    • postProcessBeforeInitialization

      public Object postProcessBeforeInitialization(Object bean, String beanName) throws org.springframework.beans.BeansException
      Specified by:
      postProcessBeforeInitialization in interface org.springframework.beans.factory.config.BeanPostProcessor
      Throws:
      org.springframework.beans.BeansException

    • getOrder

      public int getOrder()
      Specified by:
      getOrder in interface org.springframework.core.Ordered

    • getChannelProcessorOverrides

      public List<org.springframework.security.web.access.channel.ChannelProcessor> getChannelProcessorOverrides()
      Returns:
      the channelProcessors

    • setChannelProcessorOverrides

      public void setChannelProcessorOverrides(List<org.springframework.security.web.access.channel.ChannelProcessor> channelProcessorOverrides)
      Parameters:
      channelProcessorOverrides - the channelProcessors to set