Package org.broadleafcommerce.common.security.channel

Class ProtoSecureChannelProcessor

java.lang.Object
org.springframework.security.web.access.channel.SecureChannelProcessor
org.broadleafcommerce.common.security.channel.ProtoSecureChannelProcessor
All Implemented Interfaces:
org.springframework.beans.factory.InitializingBean, org.springframework.security.web.access.channel.ChannelProcessor
public class ProtoSecureChannelProcessor extends org.springframework.security.web.access.channel.SecureChannelProcessor

Very similar to the SecureChannelProcessor except that instead of relying on only the HttpServletRequest this also allows inspection of the X-Forwarded-Proto header to determine if the request is secure. This class is required when the application is deployed to an environment where SSL termination happens at a layer above the servlet container (like at a load balancer)

This is intended to be used in conjunction with the ProtoChannelBeanPostProcessor. See that class for more information on how to configure.

This class encapsulates functionality given in SecureChannelProcessor so it is unnecessary to configure both

Author:
Jeff Fischer, Phillip Verheyden (phillipuniverse)

  • Constructor Summary

    Constructors
    Constructor
    Description
    ProtoSecureChannelProcessor()
     

  • Method Summary

    Modifier and Type
    Method
    Description
    void
    decide(org.springframework.security.web.FilterInvocation invocation, Collection<org.springframework.security.access.ConfigAttribute> config)
     

    Methods inherited from class org.springframework.security.web.access.channel.SecureChannelProcessor

    afterPropertiesSet, getEntryPoint, getSecureKeyword, setEntryPoint, setSecureKeyword, supports

    Methods inherited from class java.lang.Object

    clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

  • Constructor Details

    • ProtoSecureChannelProcessor

      public ProtoSecureChannelProcessor()

  • Method Details

    • decide

      public void decide(org.springframework.security.web.FilterInvocation invocation, Collection<org.springframework.security.access.ConfigAttribute> config) throws IOException, jakarta.servlet.ServletException
      Specified by:
      decide in interface org.springframework.security.web.access.channel.ChannelProcessor
      Overrides:
      decide in class org.springframework.security.web.access.channel.SecureChannelProcessor
      Throws:
      IOException
      jakarta.servlet.ServletException