001// Copyright 2008-2013 The Apache Software Foundation
002//
003// Licensed under the Apache License, Version 2.0 (the "License");
004// you may not use this file except in compliance with the License.
005// You may obtain a copy of the License at
006//
007// http://www.apache.org/licenses/LICENSE-2.0
008//
009// Unless required by applicable law or agreed to in writing, software
010// distributed under the License is distributed on an "AS IS" BASIS,
011// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
012// See the License for the specific language governing permissions and
013// limitations under the License.
014
015package org.apache.tapestry5.internal.services;
016
017import org.apache.tapestry5.LinkSecurity;
018import org.apache.tapestry5.services.ComponentEventRequestParameters;
019import org.apache.tapestry5.services.PageRenderRequestParameters;
020
021import java.io.IOException;
022
023/**
024 * Used to manage the relationship between the security of a request and the security of a page. By secure, we mean
025 * whether a request uses HTTPS and whether a page demands the use of HTTPS.
026 *
027 * @see org.apache.tapestry5.services.Request#isSecure()
028 */
029public interface RequestSecurityManager
030{
031    /**
032     * Checks the page to see if it is secure; if so, and the request is not secure, then a redirect to the page is
033     * generated and sent.
034     *
035     * @param parameters parameters for the current request
036     * @return true if a redirect was sent, false if normal processing should continue
037     * @throws IOException
038     */
039    boolean checkForInsecurePageRenderRequest(PageRenderRequestParameters parameters) throws IOException;
040
041    /**
042     * Checks the target page of the component event request to see if it is secure; if so, and the
043     * request is not secure, then a redirect to the page is generated and sent, preserving the
044     * original component event request.
045     *
046     * @param parameters parameters for the current request
047     * @return true if a redirect was sent, false if normal processing should continue
048     * @throws IOException
049     * @since 5.2.0.0
050     */
051    boolean checkForInsecureComponentEventRequest(ComponentEventRequestParameters parameters) throws IOException;
052
053    /**
054     * Determines if the page security does not match the request's security. Returns {@link LinkSecurity#SECURE}
055     * or {@link LinkSecurity#INSECURE} if the request security matches the pages. Otherwise, returns
056     * {@link LinkSecurity#FORCE_SECURE} or {@link LinkSecurity#FORCE_INSECURE} (which will force fully qualified URLs to be generated when
057     * rendering).
058     *
059     * @param pageName for the security check
060     * @return security for this request, as applied to indicated page
061     */
062    LinkSecurity checkPageSecurity(String pageName);
063}