public void bootstrap(RequestContext request) {
}
public ResponseContext filter(RequestContext request, FilterChain chain) {
ResponseContext response = super.filter(request, chain);
String method = request.getMethod();
// include a Accept-Encryption header in the response to GET, HEAD and OPTIONS requests
// the header will specify all the information the client needs to construct
// it's own DH context and encrypt the request
if ("GET".equalsIgnoreCase(method) || "HEAD".equalsIgnoreCase(method) || "OPTIONS".equalsIgnoreCase(method)) {
DHContext context = (DHContext)request.getAttribute(Scope.SESSION, "dhcontext");
if (context == null) {
context = new DHContext();
request.setAttribute(Scope.SESSION, "dhcontext", context);
}
response.setHeader(Constants.ACCEPT_ENCRYPTION, context.getRequestString());
}
return response;
}