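// Copyright 2008, 2009, 2010, 2011 The Apache Software Foundation
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

package org.apache.tapestry5.internal.services;

import org.apache.tapestry5.services.ComponentEventRequestParameters;
import org.apache.tapestry5.services.PageRenderRequestParameters;

import java.io.IOException;

/**
 * Used to manage the relationship between the security of a request and the security of a page. By secure, we mean
 * whether a request uses HTTPS and whether a page demands the use of HTTPS.
 * <p>
 * The two {@code checkForInsecure...} methods act on a request that has already arrived without HTTPS. The redirect
 * they send moves the client to HTTPS for the follow-up request; it does not protect whatever the original request
 * already carried (URL, parameters, cookies not restricted to secure connections).
 * <p>
 * NOTE(review): how "the request is secure" is decided is not defined by this interface; it is expected to come from
 * {@link org.apache.tapestry5.services.Request#isSecure()}. Where HTTPS is terminated in front of the application,
 * confirm that this value reflects the client-facing connection, otherwise the checks below may misjudge requests.
 *
 * @see org.apache.tapestry5.services.Request#isSecure()
 */
public interface RequestSecurityManager
{
    /**
     * Checks the page to see if it is secure; if so, and the request is not secure, then a redirect to the page is
     * generated and sent.
     * <p>
     * A {@code true} result means a response has already been sent for this request. The caller must stop processing
     * at that point, so that a page which demands HTTPS is never rendered in answer to the insecure request.
     *
     * @param parameters parameters for the current request
     * @return true if a redirect was sent, false if normal processing should continue
     * @throws IOException if an I/O error occurs (presumably while sending the redirect; the implementation is not
     *                     visible here)
     */
    boolean checkForInsecurePageRenderRequest(PageRenderRequestParameters parameters) throws IOException;

    /**
     * Checks the target page of the component event request to see if it is secure; if so, and the
     * request is not secure, then a redirect to the page is generated and sent, preserving the
     * original component event request.
     * <p>
     * A {@code true} result means a response has already been sent for this request, and the caller must not go on
     * to process the event. Because the original component event request is preserved in the redirect, anything it
     * carried was already sent once without HTTPS before the redirect took effect.
     *
     * @param parameters parameters for the current request
     * @return true if a redirect was sent, false if normal processing should continue
     * @throws IOException if an I/O error occurs (presumably while sending the redirect; the implementation is not
     *                     visible here)
     * @since 5.2.0.0
     */
    boolean checkForInsecureComponentEventRequest(ComponentEventRequestParameters parameters) throws IOException;

    /**
     * Compares the security demanded by a page with the security of the current request. Returns
     * {@link LinkSecurity#SECURE} or {@link LinkSecurity#INSECURE} if the request's security matches the page's.
     * Otherwise, returns {@link LinkSecurity#FORCE_SECURE} or {@link LinkSecurity#FORCE_INSECURE} (which will force
     * fully qualified URLs to be generated when rendering).
     * <p>
     * Unlike the {@code checkForInsecure...} methods, this method only reports a result; its signature gives it no
     * way to signal that a redirect was sent, and it declares no {@link IOException}.
     *
     * @param pageName name of the page whose security is compared with that of the current request
     * @return security for this request, as applied to indicated page
     */
    LinkSecurity checkPageSecurity(String pageName);
}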