Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix(gateway-engine-policies) Check for TLS earlier, otherwise failure… #500

Merged
merged 1 commit into from Aug 24, 2016
Merged

fix(gateway-engine-policies) Check for TLS earlier, otherwise failure… #500

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Jump to
Jump to file
Failed to load files.
Diff view
Diff view
12 changes: 7 additions & 5 deletions ...e/policies/src/main/java/io/apiman/gateway/engine/policies/BasicAuthenticationPolicy.java
View file
Open in desktop
Expand Up @@ -68,6 +68,13 @@ protected Class<BasicAuthenticationConfig> getConfigurationClass() {
@Override
protected void doApply(final ApiRequest request, final IPolicyContext context, final BasicAuthenticationConfig config,
final IPolicyChain<ApiRequest> chain) {

// Check transport security
if (config.isRequireTransportSecurity() && !request.isTransportSecure()) {
sendAuthFailure(context, chain, config, PolicyFailureCodes.TRANSPORT_SECURITY_REQUIRED);
return;
}

String authHeader = request.getHeaders().get("Authorization"); //$NON-NLS-1$
boolean requireBasic = config.getRequireBasicAuth() == null ? Boolean.TRUE : config.getRequireBasicAuth();

Expand All @@ -94,11 +101,6 @@ protected void doApply(final ApiRequest request, final IPolicyContext context, f
}
}

// Check transport security
if (config.isRequireTransportSecurity() && !request.isTransportSecure()) {
sendAuthFailure(context, chain, config, PolicyFailureCodes.TRANSPORT_SECURITY_REQUIRED);
}

// Parse the Authorization http header.
String username;
String password = null;
Expand Down