Apache CXF API

org.apache.cxf.transport.http
Class MessageTrustDecider

java.lang.Object
  extended by org.apache.cxf.transport.http.MessageTrustDecider

public abstract class MessageTrustDecider
extends Object

The HTTPConduit calls upon this object to establish trust just before a message within the HTTP Conduit is sent out. This object is based on the implementation of HTTP Conduit using java.net.URL and java.net.URLConnection implementations. The HttpURLConnection will be set up and connected, but no data yet sent (at least according to the JDK 1.5 default implemenation), and in the case of an HttpsURLConnection (again with caveat on particular java.net.HttpsURLConnection implemenation), the TLS handshake will be completed and certain TLS artifacts will be available.

Each MessageTrustDecider has a "logical" name that may be used in logging to help ensure the proper trust decision is being made for particular conduits.


Field Summary
protected  String logicalName
          This field contains the "logical" name of this Message Trust Decider.
 
Constructor Summary
protected MessageTrustDecider()
          This default constructor sets the "logical" name of the trust decider to be its class name.
protected MessageTrustDecider(String name)
          This constructor is used to set the logical name of the trust decider.
 
Method Summary
abstract  void establishTrust(String conduitName, URLConnectionInfo connectionInfo, Message message)
          This method is called when a Message is about to be sent out over an HTTPConduit.
 String getLogicalName()
          This method returns the logical name of this trust decider.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

logicalName

protected String logicalName
This field contains the "logical" name of this Message Trust Decider. This field is not assigned to be final, since an extension may be Spring initialized as a bean, have an appropriate setLogicalName method, and set this field.

Constructor Detail

MessageTrustDecider

protected MessageTrustDecider()
This default constructor sets the "logical" name of the trust decider to be its class name.


MessageTrustDecider

protected MessageTrustDecider(String name)
This constructor is used to set the logical name of the trust decider.

Method Detail

getLogicalName

public String getLogicalName()
This method returns the logical name of this trust decider. The name of the trust decider may be used in logging or auditing to make sure that the proper trust decision is being implemented.


establishTrust

public abstract void establishTrust(String conduitName,
                                    URLConnectionInfo connectionInfo,
                                    Message message)
                             throws UntrustedURLConnectionIOException
This method is called when a Message is about to be sent out over an HTTPConduit. Its implementation must throw the specified exception if the URL connection cannot be trusted for the message.

It is important to note that the Message structure at this point may not have any content, so any analysis of message content may be impossible.

This method gets invoked after URL.setRequestProperties() is called on the URL for the selected protocol.

The HTTPConduit calls this message on every redirect, however, it is impossible to tell where it has been redirected from. TODO: What are the exising Message Properties at the point of this call?

Parameters:
conduitName - This parameter contains the logical name for the conduit that this trust decider is being called from.
connectionInfo - This parameter contains information about the URL Connection. It may be subclassed depending on the protocol used for the URL. For "https", this argument will be a HttpsURLConnectionInfo. For "http", this argument will be HttpURLConnectionInfo.
message - This parameter contains the Message structure that governs where the message may be going.
Throws:
UntrustedURLConnectionIOException - The trust decider throws this exception if trust in the URLConnection cannot be established for the particular Message.
See Also:
HttpURLConnectionInfo, HttpsURLConnectionInfo

Apache CXF API

Apache CXF