Package org.apache.cxf.transport.http

Class MessageTrustDecider

  • public abstract class MessageTrustDecider
extends Object
    The HTTPConduit calls upon this object to establish trust just before a message within the HTTP Conduit is sent out. This object is based on the implementation of HTTP Conduit using java.net.URL and java.net.URLConnection implementations. The HttpURLConnection will be set up and connected, but no data yet sent (at least according to the JDK 1.5 default implementation), and in the case of an HttpsURLConnection (again with caveat on particular java.net.HttpsURLConnection implementation), the TLS handshake will be completed and certain TLS artifacts will be available.

    Each MessageTrustDecider has a "logical" name that may be used in logging to help ensure the proper trust decision is being made for particular conduits.

    • Field Detail

      • logicalName

        protected String logicalName
        This field contains the "logical" name of this Message Trust Decider. This field is not assigned to be final, since an extension may be Spring initialized as a bean, have an appropriate setLogicalName method, and set this field.

    • Constructor Detail

      • MessageTrustDecider

        protected MessageTrustDecider()
        This default constructor sets the "logical" name of the trust decider to be its class name.

      • MessageTrustDecider

        protected MessageTrustDecider​(String name)
        This constructor is used to set the logical name of the trust decider.

    • Method Detail

      • getLogicalName

        public String getLogicalName()
        This method returns the logical name of this trust decider. The name of the trust decider may be used in logging or auditing to make sure that the proper trust decision is being implemented.

      • establishTrust

        public abstract void establishTrust​(String conduitName,
                                    URLConnectionInfo connectionInfo,
                                    org.apache.cxf.message.Message message)
                             throws UntrustedURLConnectionIOException
        This method is called when a Message is about to be sent out over an HTTPConduit. Its implementation must throw the specified exception if the URL connection cannot be trusted for the message.

        It is important to note that the Message structure at this point may not have any content, so any analysis of message content may be impossible.

        This method gets invoked after URL.setRequestProperties() is called on the URL for the selected protocol.

        The HTTPConduit calls this message on every redirect, however, it is impossible to tell where it has been redirected from. TODO: What are the existing Message Properties at the point of this call?

        Parameters:
        conduitName - This parameter contains the logical name for the conduit that this trust decider is being called from.
        connectionInfo - This parameter contains information about the URL Connection. It may be subclassed depending on the protocol used for the URL. For "https", this argument will be a HttpsURLConnectionInfo. For "http", this argument will be HttpURLConnectionInfo.
        message - This parameter contains the Message structure that governs where the message may be going.
        Throws:
        UntrustedURLConnectionIOException - The trust decider throws this exception if trust in the URLConnection cannot be established for the particular Message.
        See Also:
        HttpURLConnectionInfo, HttpsURLConnectionInfo