Package org.broadleafcommerce.common.security.channel

Class ProtoInsecureChannelProcessor

java.lang.Object
org.springframework.security.web.access.channel.InsecureChannelProcessor
org.broadleafcommerce.common.security.channel.ProtoInsecureChannelProcessor
All Implemented Interfaces:
org.springframework.beans.factory.InitializingBean, org.springframework.security.web.access.channel.ChannelProcessor
public class ProtoInsecureChannelProcessor extends org.springframework.security.web.access.channel.InsecureChannelProcessor

Very similar to the InsecureChannelProcessor except that instead of relying on only the HttpServletRequest this also allows inspection of the X-Forwarded-Proto header to determine if the request is secure. This class is required when the application is deployed to an environment where SSL termination happens at a layer above the servlet container (like at a load balancer)

This is intended to be used in conjunction with the ProtoChannelBeanPostProcessor. See that class for more information on how to configure.

This class encapsulates functionality given in InsecureChannelProcessor so it is unnecessary to configure both

Author:
Jeff Fischer, Phillip Verheyden (phillipuniverse)

  • Constructor Summary

    Constructors
    Constructor
    Description
    ProtoInsecureChannelProcessor()
     

  • Method Summary

    Modifier and Type
    Method
    Description
    void
    decide(org.springframework.security.web.FilterInvocation invocation, Collection<org.springframework.security.access.ConfigAttribute> config)
     

    Methods inherited from class org.springframework.security.web.access.channel.InsecureChannelProcessor

    afterPropertiesSet, getEntryPoint, getInsecureKeyword, setEntryPoint, setInsecureKeyword, supports

    Methods inherited from class java.lang.Object

    clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

  • Constructor Details

    • ProtoInsecureChannelProcessor

      public ProtoInsecureChannelProcessor()

  • Method Details

    • decide

      public void decide(org.springframework.security.web.FilterInvocation invocation, Collection<org.springframework.security.access.ConfigAttribute> config) throws IOException, jakarta.servlet.ServletException
      Specified by:
      decide in interface org.springframework.security.web.access.channel.ChannelProcessor
      Overrides:
      decide in class org.springframework.security.web.access.channel.InsecureChannelProcessor
      Throws:
      IOException
      jakarta.servlet.ServletException