Some extra safety checks
This commit is contained in:
parent
2b241ac04b
commit
40ae4767d1
|
@ -27,6 +27,7 @@ import javax.servlet.http.HttpServletResponse;
|
||||||
import org.eclipse.jetty.http.HttpStatus;
|
import org.eclipse.jetty.http.HttpStatus;
|
||||||
import org.eclipse.jetty.server.HttpChannel;
|
import org.eclipse.jetty.server.HttpChannel;
|
||||||
import org.eclipse.jetty.server.HttpConfiguration;
|
import org.eclipse.jetty.server.HttpConfiguration;
|
||||||
|
import org.eclipse.jetty.server.HttpConnection;
|
||||||
import org.eclipse.jetty.server.Request;
|
import org.eclipse.jetty.server.Request;
|
||||||
import org.eclipse.jetty.util.URIUtil;
|
import org.eclipse.jetty.util.URIUtil;
|
||||||
|
|
||||||
|
@ -41,11 +42,19 @@ public class SecuredRedirectHandler extends AbstractHandler
|
||||||
@Override
|
@Override
|
||||||
public void handle(String target, Request baseRequest, HttpServletRequest request, HttpServletResponse response) throws IOException, ServletException
|
public void handle(String target, Request baseRequest, HttpServletRequest request, HttpServletResponse response) throws IOException, ServletException
|
||||||
{
|
{
|
||||||
HttpConfiguration httpConfig = HttpChannel.getCurrentHttpChannel().getHttpConfiguration();
|
HttpConnection connection = HttpConnection.getCurrentConnection();
|
||||||
|
if (baseRequest.isSecure() || (connection == null))
|
||||||
if (baseRequest.isSecure())
|
|
||||||
{
|
{
|
||||||
return; // all done
|
// nothing to do
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
|
HttpConfiguration httpConfig = connection.getHttpConfiguration();
|
||||||
|
if (httpConfig == null)
|
||||||
|
{
|
||||||
|
// no config, show error
|
||||||
|
response.sendError(HttpStatus.FORBIDDEN_403,"No http configuration available");
|
||||||
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (httpConfig.getSecurePort() > 0)
|
if (httpConfig.getSecurePort() > 0)
|
||||||
|
@ -61,6 +70,7 @@ public class SecuredRedirectHandler extends AbstractHandler
|
||||||
{
|
{
|
||||||
response.sendError(HttpStatus.FORBIDDEN_403,"Not Secure");
|
response.sendError(HttpStatus.FORBIDDEN_403,"Not Secure");
|
||||||
}
|
}
|
||||||
|
|
||||||
baseRequest.setHandled(true);
|
baseRequest.setHandled(true);
|
||||||
}
|
}
|
||||||
}
|
}
|
Loading…
Reference in New Issue