RequestContext request) {}
/**
 * Runs the parent filter, then advertises encryption parameters on responses
 * to GET, HEAD and OPTIONS requests.
 *
 * <p>For those methods the response carries an Accept-Encryption header whose
 * value comes from {@code DHContext.getRequestString()}; it is meant to give
 * the client everything it needs to construct its own DH context and encrypt
 * a later request. The {@code DHContext} is kept in session scope under the
 * key {@code "dhcontext"} and is created on first use.
 *
 * @param request the incoming request; its method and session attributes are read
 * @param chain the remaining filter chain, passed to the parent implementation
 * @return the response produced by the parent filter, with the header added
 *     when the request method is GET, HEAD or OPTIONS
 */
public ResponseContext filter(
    RequestContext request,
    FilterChain chain) {
  final ResponseContext result = super.filter(request, chain);
  final String verb = request.getMethod();

  // Only requests made with these methods get the advertisement header.
  final boolean advertise =
      "GET".equalsIgnoreCase(verb)
          || "HEAD".equalsIgnoreCase(verb)
          || "OPTIONS".equalsIgnoreCase(verb);
  if (!advertise) {
    return result;
  }

  // Reuse the session's DH context when one exists, otherwise create and store it.
  // NOTE(review): this lookup-then-store is not atomic; whether concurrent first
  // requests on one session can race here depends on the container - confirm.
  DHContext dh = (DHContext) request.getAttribute(Scope.SESSION, "dhcontext");
  if (dh == null) {
    dh = new DHContext();
    request.setAttribute(Scope.SESSION, "dhcontext", dh);
  }

  // NOTE(review): nothing visible here authenticates the advertised parameters;
  // presumably the transport (e.g. TLS) protects them from tampering - confirm.
  result.setHeader(Constants.ACCEPT_ENCRYPTION, dh.getRequestString());
  return result;
}