SimpleSecureChannelProcessor.java

package pipe.plug.security.processor;

import org.springframework.security.access.ConfigAttribute;
import org.springframework.security.web.FilterInvocation;
import org.springframework.security.web.access.channel.SecureChannelProcessor;
import org.springframework.util.Assert;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import java.io.IOException;
import java.util.Collection;

/**
 * @author nyilmaz
 */
public class SimpleSecureChannelProcessor extends SecureChannelProcessor {
   
   private static final String X_FORWARDED_PROTO_HEADER = "X-Forwarded-Proto";
   
   private static final String X_FORWARDED_PROTO_VALUE = "https";

   @Override
   public void decide(FilterInvocation invocation, Collection<ConfigAttribute> config) throws IOException, ServletException {
      Assert.isTrue((invocation != null) && (config != null), "Nulls cannot be provided");

      for (ConfigAttribute attribute : config) {
         if (supports(attribute)) {
            if (!isSecure(invocation.getRequest())) {
               getEntryPoint().commence(invocation.getRequest(), invocation.getResponse());
            }
         }
      }
   }

   private Boolean isSecure(HttpServletRequest request) {
      return request.getHeader(X_FORWARDED_PROTO_HEADER).equals(X_FORWARDED_PROTO_VALUE);
   }
}