public class SSLHeaderHandler extends Object implements HttpHandler
If this handler is present in the chain it will always override the SSL session information, even if these headers are not present.
This handler MUST only be used on servers that are behind a reverse proxy, where the reverse proxy has been configured to always set these header for EVERY request (or strip existing headers with these names if no SSL information is present). Otherwise it may be possible for a malicious client to spoof a SSL connection.
Modifier and Type | Class and Description |
---|---|
static class | SSLHeaderHandler.Builder |
Constructor and Description |
---|
SSLHeaderHandler(HttpHandler next) |
Modifier and Type | Method and Description |
---|---|
void | handleRequest(HttpServerExchange exchange) Handle the request. |
public static final String HTTPS
public SSLHeaderHandler(HttpHandler next)
public void handleRequest(HttpServerExchange exchange) throws Exception
HttpHandler
handleRequest
in interface HttpHandler
exchange
- the HTTP request/response exchangeException
Copyright © 2015 JBoss by Red Hat. All rights reserved.