001    // Copyright 2008, 2009, 2010, 2011 The Apache Software Foundation
002    //
003    // Licensed under the Apache License, Version 2.0 (the "License");
004    // you may not use this file except in compliance with the License.
005    // You may obtain a copy of the License at
006    //
007    // http://www.apache.org/licenses/LICENSE-2.0
008    //
009    // Unless required by applicable law or agreed to in writing, software
010    // distributed under the License is distributed on an "AS IS" BASIS,
011    // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
012    // See the License for the specific language governing permissions and
013    // limitations under the License.
014    
015    package org.apache.tapestry5.internal.services;
016    
017    import org.apache.tapestry5.services.ComponentEventRequestParameters;
018    import org.apache.tapestry5.services.PageRenderRequestParameters;
019    
020    import java.io.IOException;
021    
022    /**
023     * Used to manage the relationship between the security of a request and the security of a page. By secure, we mean
024     * whether a request uses HTTPS and whether a page demands the use of HTTPS.
025     *
026     * @see org.apache.tapestry5.services.Request#isSecure()
027     */
028    public interface RequestSecurityManager
029    {
030        /**
031         * Checks the page to see if it is secure; if so, and the request is not secure, then a redirect to the page is
032         * generated and sent.
033         *
034         * @param parameters parameters for the current request
035         * @return true if a redirect was sent, false if normal processing should continue
036         * @throws IOException
037         */
038        boolean checkForInsecurePageRenderRequest(PageRenderRequestParameters parameters) throws IOException;
039    
040        /**
041         * Checks the target page of the component event request to see if it is secure; if so, and the
042         * request is not secure, then a redirect to the page is generated and sent, preserving the
043         * original component event request.
044         *
045         * @param parameters parameters for the current request
046         * @return true if a redirect was sent, false if normal processing should continue
047         * @throws IOException
048         * @since 5.2.0.0
049         */
050        boolean checkForInsecureComponentEventRequest(ComponentEventRequestParameters parameters) throws IOException;
051    
052        /**
053         * Determines if the page security does not match the request's security. Returns {@link LinkSecurity#SECURE}
054         * or {@link LinkSecurity#INSECURE} if the request security matches the pages. Otherwise, returns
055         * {@link LinkSecurity#FORCE_SECURE} or {@link LinkSecurity#FORCE_INSECURE} (which will force fully qualified URLs to be generated when
056         * rendering).
057         *
058         * @param pageName for the security check
059         * @return security for this request, as applied to indicated page
060         */
061        LinkSecurity checkPageSecurity(String pageName);
062    }