• Home
• org.apache.tapestry
• tapestry-core
• 5.2.2
• source code
• RequestSecurityManager.java

×

Project download

Many resources are needed to download a project. Please understand that we have to compensate our server costs. Thank you in advance.
Project price only 1 $

You can buy this project and download/modify it how often you want.

org.apache.tapestry5.internal.services.RequestSecurityManager Maven / Gradle / Ivy

// Copyright 2008, 2009, 2010 The Apache Software Foundation
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

package org.apache.tapestry5.internal.services;

import java.io.IOException;

import org.apache.tapestry5.services.ComponentEventRequestParameters;
import org.apache.tapestry5.services.PageRenderRequestParameters;

/**
 * Used to manage the relationship between the security of a request and the security of a page. By secure, we mean
 * whether a request uses HTTPS and whether a page demands the use of HTTPS.
 * 
 * @see org.apache.tapestry5.services.Request#isSecure()
 */
public interface RequestSecurityManager
{
    /**
     * Checks the page to see if it is secure; if so, and the request is not secure, then a redirect to the page is
     * generated and sent.
     * 
     * @param parameters
     *            parameters for the current request
     * @return true if a redirect was sent, false if normal processing should continue
     * @throws IOException
     */
    boolean checkForInsecurePageRenderRequest(PageRenderRequestParameters parameters) throws IOException;

    /**
     * Checks the target page of the component event request to see if it is secure; if so, and the
     * request is not secure, then a redirect to the page is generated and sent, preserving the
     * original component event request.
     * 
     * @param parameters
     *            parameters for the current request
     * @return true if a redirect was sent, false if normal processing should continue
     * @throws IOException
     * @since 5.2.0.0
     */
    boolean checkForInsecureComponentEventRequest(ComponentEventRequestParameters parameters) throws IOException;

    /**
     * Determines if the page security does not match the request's security.
     * 
     * @param pageName
     *            for the security check
     * @return SECURE or INSECURE if a change in security is required, or UNSPECIFIED if the request security matches
     *         the page's security level
     */
    LinkSecurity checkPageSecurity(String pageName);
}