Eclipse
/
jetty.project
mirror of https://github.com/jetty/jetty.project.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Some extra safety checks

This commit is contained in:
Joakim Erdfelt 2014-12-16 15:52:33 -07:00
parent 2b241ac04b
commit 40ae4767d1
1 changed files with 14 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
jetty-server/src/main/java/org/eclipse/jetty/server/handler/SecuredRedirectHandler.java
View File

@ -27,6 +27,7 @@ import javax.servlet.http.HttpServletResponse;
import org.eclipse.jetty.http.HttpStatus;
import org.eclipse.jetty.server.HttpChannel;
import org.eclipse.jetty.server.HttpConfiguration;
import org.eclipse.jetty.server.HttpConnection;
import org.eclipse.jetty.server.Request;
import org.eclipse.jetty.util.URIUtil;
@ -41,11 +42,19 @@ public class SecuredRedirectHandler extends AbstractHandler
@Override
public void handle(String target, Request baseRequest, HttpServletRequest request, HttpServletResponse response) throws IOException, ServletException
{
HttpConfiguration httpConfig = HttpChannel.getCurrentHttpChannel().getHttpConfiguration();
if (baseRequest.isSecure())
HttpConnection connection = HttpConnection.getCurrentConnection();
if (baseRequest.isSecure() || (connection == null))
{
return; // all done
// nothing to do
return;
}
HttpConfiguration httpConfig = connection.getHttpConfiguration();
if (httpConfig == null)
{
// no config, show error
response.sendError(HttpStatus.FORBIDDEN_403,"No http configuration available");
return;
}
if (httpConfig.getSecurePort() > 0)
@ -61,6 +70,7 @@ public class SecuredRedirectHandler extends AbstractHandler
{
response.sendError(HttpStatus.FORBIDDEN_403,"Not Secure");
}
baseRequest.setHandled(true);
}
}