001// Copyright 2008-2013 The Apache Software Foundation 002// 003// Licensed under the Apache License, Version 2.0 (the "License"); 004// you may not use this file except in compliance with the License. 005// You may obtain a copy of the License at 006// 007// http://www.apache.org/licenses/LICENSE-2.0 008// 009// Unless required by applicable law or agreed to in writing, software 010// distributed under the License is distributed on an "AS IS" BASIS, 011// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 012// See the License for the specific language governing permissions and 013// limitations under the License. 014 015package org.apache.tapestry5.internal.services; 016 017import org.apache.tapestry5.LinkSecurity; 018import org.apache.tapestry5.services.ComponentEventRequestParameters; 019import org.apache.tapestry5.services.PageRenderRequestParameters; 020 021import java.io.IOException; 022 023/** 024 * Used to manage the relationship between the security of a request and the security of a page. By secure, we mean 025 * whether a request uses HTTPS and whether a page demands the use of HTTPS. 026 * 027 * @see org.apache.tapestry5.services.Request#isSecure() 028 */ 029public interface RequestSecurityManager 030{ 031 /** 032 * Checks the page to see if it is secure; if so, and the request is not secure, then a redirect to the page is 033 * generated and sent. 034 * 035 * @param parameters parameters for the current request 036 * @return true if a redirect was sent, false if normal processing should continue 037 * @throws IOException 038 */ 039 boolean checkForInsecurePageRenderRequest(PageRenderRequestParameters parameters) throws IOException; 040 041 /** 042 * Checks the target page of the component event request to see if it is secure; if so, and the 043 * request is not secure, then a redirect to the page is generated and sent, preserving the 044 * original component event request. 045 * 046 * @param parameters parameters for the current request 047 * @return true if a redirect was sent, false if normal processing should continue 048 * @throws IOException 049 * @since 5.2.0.0 050 */ 051 boolean checkForInsecureComponentEventRequest(ComponentEventRequestParameters parameters) throws IOException; 052 053 /** 054 * Determines if the page security does not match the request's security. Returns {@link LinkSecurity#SECURE} 055 * or {@link LinkSecurity#INSECURE} if the request security matches the pages. Otherwise, returns 056 * {@link LinkSecurity#FORCE_SECURE} or {@link LinkSecurity#FORCE_INSECURE} (which will force fully qualified URLs to be generated when 057 * rendering). 058 * 059 * @param pageName for the security check 060 * @return security for this request, as applied to indicated page 061 */ 062 LinkSecurity checkPageSecurity(String pageName); 063}