Fixed #4766 - SecuredRedirectHandler should extend HandlerWrapper.

Updated the implementation to extend from HandlerWrapper. Updated the documentation. Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
jetty · Apr 13, 2020 · 93774ae · 93774ae
1 parent 14fda86
commit 93774ae
Show file tree

Hide file tree

Showing 3 changed files with 84 additions and 17 deletions.
diff --git a/...ation/src/main/asciidoc/embedded-guide/server/http/server-http-handler-use.adoc b/...ation/src/main/asciidoc/embedded-guide/server/http/server-http-handler-use.adoc
@@ -418,8 +418,24 @@ Server
 [[eg-server-http-handler-use-util-secure-handler]]
 ===== SecuredRedirectHandler -- Redirect from HTTP to HTTPS
 
-// TODO: wait for issue #4766
-TODO
+`SecuredRedirectHandler` allows to redirect requests made with the `http`
+scheme (and therefore to the clear-text port) to the `https` scheme (and
+therefore to the encrypted port).
+
+For example a request to `+http://domain.com:8080/path?param=value+` is
+redirected to `+https://domain.com:8443/path?param=value+`.
+
+Server applications must configure a `HttpConfiguration` object with the
+secure scheme and secure port so that `SecuredRedirectHandler` can build
+the redirect URI.
+
+`SecuredRedirectHandler` is typically configured at the server level,
+although it can be configured on a per-context basis.
+
+[source,java,indent=0]
+----
+include::../../{doc_code}/embedded/server/http/HTTPServerDocs.java[tags=securedHandler]
+----
 
 [[eg-server-http-handler-use-util-default-handler]]
 ===== DefaultHandler

diff --git a/jetty-documentation/src/main/java/embedded/server/http/HTTPServerDocs.java b/jetty-documentation/src/main/java/embedded/server/http/HTTPServerDocs.java
@@ -53,6 +53,7 @@
 import org.eclipse.jetty.server.handler.HandlerList;
 import org.eclipse.jetty.server.handler.HandlerWrapper;
 import org.eclipse.jetty.server.handler.ResourceHandler;
+import org.eclipse.jetty.server.handler.SecuredRedirectHandler;
 import org.eclipse.jetty.server.handler.StatisticsHandler;
 import org.eclipse.jetty.server.handler.gzip.GzipHandler;
 import org.eclipse.jetty.servlet.DefaultServlet;
@@ -761,6 +762,56 @@ public void statsHandler() throws Exception
         // end::statsHandler[]
     }
 
+    public void securedHandler() throws Exception
+    {
+        // tag::securedHandler[]
+        Server server = new Server();
+
+        // Configure the HttpConfiguration for the clear-text connector.
+        int securePort = 8443;
+        HttpConfiguration httpConfig = new HttpConfiguration();
+        httpConfig.setSecurePort(securePort);
+
+        // The clear-text connector.
+        ServerConnector connector = new ServerConnector(server, new HttpConnectionFactory(httpConfig));
+        connector.setPort(8080);
+        server.addConnector(connector);
+
+        // Configure the HttpConfiguration for the encrypted connector.
+        HttpConfiguration httpsConfig = new HttpConfiguration(httpConfig);
+        // Add the SecureRequestCustomizer because we are using TLS.
+        httpConfig.addCustomizer(new SecureRequestCustomizer());
+
+        // The HttpConnectionFactory for the encrypted connector.
+        HttpConnectionFactory http11 = new HttpConnectionFactory(httpsConfig);
+
+        // Configure the SslContextFactory with the keyStore information.
+        SslContextFactory.Server sslContextFactory = new SslContextFactory.Server();
+        sslContextFactory.setKeyStorePath("/path/to/keystore");
+        sslContextFactory.setKeyStorePassword("secret");
+
+        // The ConnectionFactory for TLS.
+        SslConnectionFactory tls = new SslConnectionFactory(sslContextFactory, http11.getProtocol());
+
+        // The encrypted connector.
+        ServerConnector secureConnector = new ServerConnector(server, tls, http11);
+        secureConnector.setPort(8443);
+        server.addConnector(secureConnector);
+
+        SecuredRedirectHandler securedHandler = new SecuredRedirectHandler();
+
+        // Link the SecuredRedirectHandler to the Server.
+        server.setHandler(securedHandler);
+
+        // Create a ContextHandlerCollection to hold contexts.
+        ContextHandlerCollection contextCollection = new ContextHandlerCollection();
+        // Link the ContextHandlerCollection to the StatisticsHandler.
+        securedHandler.setHandler(contextCollection);
+
+        server.start();
+        // end::securedHandler[]
+    }
+
     public void defaultHandler() throws Exception
     {
         // tag::defaultHandler[]

diff --git a/jetty-server/src/main/java/org/eclipse/jetty/server/handler/SecuredRedirectHandler.java b/jetty-server/src/main/java/org/eclipse/jetty/server/handler/SecuredRedirectHandler.java
@@ -30,20 +30,22 @@
 import org.eclipse.jetty.util.URIUtil;
 
 /**
- * Secured Redirect Handler
- * <p>
- * Using information present in the {@link HttpConfiguration}, will attempt to redirect to the {@link HttpConfiguration#getSecureScheme()} and
- * {@link HttpConfiguration#getSecurePort()} for any request that {@link HttpServletRequest#isSecure()} == false.
+ * <p>SecuredRedirectHandler redirects from {@code http} to {@code https}.</p>
+ * <p>SecuredRedirectHandler uses the information present in {@link HttpConfiguration}
+ * attempting to redirect to the {@link HttpConfiguration#getSecureScheme()} and
+ * {@link HttpConfiguration#getSecurePort()} for any request that
+ * {@link HttpServletRequest#isSecure()} is false.</p>
  */
-public class SecuredRedirectHandler extends AbstractHandler
+public class SecuredRedirectHandler extends HandlerWrapper
 {
     @Override
     public void handle(String target, Request baseRequest, HttpServletRequest request, HttpServletResponse response) throws IOException, ServletException
     {
         HttpChannel channel = baseRequest.getHttpChannel();
-        if (baseRequest.isSecure() || (channel == null))
+        if (baseRequest.isSecure() || channel == null)
         {
-            // nothing to do
+            // Nothing to do here.
+            super.handle(target, baseRequest, request, response);
             return;
         }
 
@@ -52,23 +54,21 @@ public void handle(String target, Request baseRequest, HttpServletRequest reques
         HttpConfiguration httpConfig = channel.getHttpConfiguration();
         if (httpConfig == null)
         {
-            // no config, show error
-            response.sendError(HttpStatus.FORBIDDEN_403, "No http configuration available");
+            response.sendError(HttpStatus.FORBIDDEN_403, "Missing HttpConfiguration");
             return;
         }
 
-        if (httpConfig.getSecurePort() > 0)
+        int securePort = httpConfig.getSecurePort();
+        if (securePort > 0)
         {
-            String scheme = httpConfig.getSecureScheme();
-            int port = httpConfig.getSecurePort();
-
-            String url = URIUtil.newURI(scheme, baseRequest.getServerName(), port, baseRequest.getRequestURI(), baseRequest.getQueryString());
+            String secureScheme = httpConfig.getSecureScheme();
+            String url = URIUtil.newURI(secureScheme, baseRequest.getServerName(), securePort, baseRequest.getRequestURI(), baseRequest.getQueryString());
             response.setContentLength(0);
             response.sendRedirect(url);
         }
         else
         {
-            response.sendError(HttpStatus.FORBIDDEN_403, "Not Secure");
+            response.sendError(HttpStatus.FORBIDDEN_403, "HttpConfiguration.securePort not configured");
         }
     }
 }