001    /*
002     * Licensed to the Apache Software Foundation (ASF) under one
003     * or more contributor license agreements.  See the NOTICE file
004     * distributed with this work for additional information
005     * regarding copyright ownership.  The ASF licenses this file
006     * to you under the Apache License, Version 2.0 (the
007     * "License"); you may not use this file except in compliance
008     * with the License.  You may obtain a copy of the License at
009     *
010     *     http://www.apache.org/licenses/LICENSE-2.0
011     *
012     * Unless required by applicable law or agreed to in writing,
013     * software distributed under the License is distributed on an
014     * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
015     * KIND, either express or implied.  See the License for the
016     * specific language governing permissions and limitations
017     * under the License.
018     */
019    package org.apache.shiro.web.filter.authz;
020    
021    /**
022     * Filter which requires a request to be over SSL.
023     * <p/>
024     * The {@link #getPort() port} property defaults to {@code 443} and also additionally guarantees that the
025     * request scheme is always 'https' (except for port 80, which retains the 'http' scheme).
026     * <p/>
027     * Example config:
028     * <pre>
029     * [urls]
030     * /secure/path/** = ssl
031     * </pre>
032     *
033     * @since 1.0
034     */
035    public class SslFilter extends PortFilter {
036    
037        public static final int DEFAULT_HTTPS_PORT = 443;
038        public static final String HTTPS_SCHEME = "https";
039    
040        public SslFilter() {
041            setPort(DEFAULT_HTTPS_PORT);
042        }
043    
044        @Override
045        protected String getScheme(String requestScheme, int port) {
046            if (port == DEFAULT_HTTP_PORT) {
047                return PortFilter.HTTP_SCHEME;
048            } else {
049                return HTTPS_SCHEME;
050            }
051        }
052    }